Windows Analysis Report
allpdfpro.msi

Overview

General Information

Sample name: allpdfpro.msi
Analysis ID: 1554005
MD5: 37ee64537ace68398452082f4b28ff8a
SHA1: ee4a03bb2e64a5c047beacd1271cde1e3079bc2c
SHA256: c0dea5039c67a46462116a345b39e3953f89b87f395b537b2a8be0e3f2b4f8bd

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Creates multiple autostart registry keys
Drops executables to the windows directory (C:\Windows) and starts them
Excessive usage of taskkill to terminate processes
Installs Task Scheduler Managed Wrapper
Tries to harvest and steal browser information (history, passwords, etc)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Copy From or To System Directory
Stores large binary data to the registry
Tries to disable installed Antivirus / HIPS / PFW
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64native
  • msiexec.exe (PID: 7604 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\allpdfpro.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7720 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5864 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 3866399E1BFBB92958CCE7C8594EF453 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6108 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 3CEBF64AD23C2D8EE07988E727EF4353 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • onestart_installer.exe (PID: 4128 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe" "install" "15" "2" MD5: 1C893E34134BB81B487D00F5282BEB89)
      • setup.exe (PID: 6540 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\ONESTART.PACKED.7Z" "install" "15" "2" MD5: 105A51C7DEF4390A6D9F8BD0E76178DD)
        • setup.exe (PID: 6704 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48 MD5: 105A51C7DEF4390A6D9F8BD0E76178DD)
        • cmd.exe (PID: 5500 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 5364 cmdline: taskkill /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
          • Conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • cmd.exe (PID: 6336 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 6672 cmdline: taskkill /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 6628 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 2292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 5324 cmdline: taskkill /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 592 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 6596 cmdline: taskkill /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 992 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 7060 cmdline: taskkill /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 6004 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 3268 cmdline: taskkill /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 6432 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 2060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 2236 cmdline: taskkill /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 6172 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 3516 cmdline: taskkill /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 448 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 4868 cmdline: taskkill /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 4172 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /f /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
            • Conhost.exe (PID: 5308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 7192 cmdline: taskkill /f /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 7388 cmdline: C:\Windows\System32\cmd.exe /c "taskkill /f /im DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • taskkill.exe (PID: 7520 cmdline: taskkill /f /im DBar.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • cmd.exe (PID: 7524 cmdline: C:\Windows\System32\cmd.exe /c "rmdir "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar\bin" /s /q" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • cmd.exe (PID: 6652 cmdline: C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /e /i" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • xcopy.exe (PID: 7260 cmdline: xcopy "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar" "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar_new" /s /e /i MD5: 39FBFD3AF58238C6F9D4D408C9251FF5)
        • setup.exe (PID: 7040 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0 MD5: 105A51C7DEF4390A6D9F8BD0E76178DD)
          • setup.exe (PID: 1416 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48 MD5: 105A51C7DEF4390A6D9F8BD0E76178DD)
        • onestart.exe (PID: 2028 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --from-installer MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • onestart.exe (PID: 5928 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
            • onestart.exe (PID: 1864 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x160,0x164,0x168,0x128,0x170,0x7ff7b71cbcb8,0x7ff7b71cbcc4,0x7ff7b71cbcd0 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • onestart.exe (PID: 5100 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:2 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • onestart.exe (PID: 6240 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2116,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • onestart.exe (PID: 3644 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2148,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • onestart.exe (PID: 5620 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --field-trial-handle=3448,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • cmd.exe (PID: 1996 cmdline: C:\Windows\System32\cmd.exe /c ""%LOCALAPPDATA%\OneStart.ai\OneStart\Application\onestart.exe" --update" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • onestart.exe (PID: 7260 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • explorer.exe (PID: 5016 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
          • onestart.exe (PID: 4648 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9833435775 --field-trial-handle=4212,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • onestart.exe (PID: 7588 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9834157164 --field-trial-handle=4240,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • onestart.exe (PID: 7468 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4516,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • onestart.exe (PID: 7680 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5272,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • onestart.exe (PID: 4272 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5440,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
          • onestart.exe (PID: 3572 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5600,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
            • Conhost.exe (PID: 7212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • onestart.exe (PID: 2232 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5608,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
        • cmd.exe (PID: 2212 cmdline: C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" /s /e /i" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 1568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • xcopy.exe (PID: 7216 cmdline: xcopy "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar_new" "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar" /s /e /i MD5: 39FBFD3AF58238C6F9D4D408C9251FF5)
        • cmd.exe (PID: 6832 cmdline: C:\Windows\System32\cmd.exe /c "rmdir "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /q" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • cmd.exe (PID: 5364 cmdline: C:\Windows\System32\cmd.exe /c "cd /d "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar\bin" && start DBar.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • DBar.exe (PID: 4512 cmdline: DBar.exe MD5: 24623571C3C2F6A2BE15A62C6FC18812)
    • MSI629.tmp (PID: 1216 cmdline: "C:\Windows\Installer\MSI629.tmp" /HideWindow cmd.exe /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"" MD5: ACB1256D5FAB2FE57B2FA3BF3BD12FF0)
  • notification_helper.exe (PID: 5544 cmdline: "C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe" -Embedding MD5: 6DEC68B6FD984A4CE3B82BE995745EA1)
    • chrome.exe (PID: 2380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=128.0.6613.120 --initial-client-data=0x1c0,0x1c4,0x1c8,0x19c,0x1cc,0x7ff657d0e638,0x7ff657d0e644,0x7ff657d0e650 MD5: BB7C48CDDDE076E7EB44022520F40F77)
    • Conhost.exe (PID: 2376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cmd.exe (PID: 7188 cmdline: "C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cmd.exe (PID: 7556 cmdline: cmd.exe /C "START /MIN /D "C:\Windows\system32\config\systemprofile\AppData\Local\OneStart.ai\OneStart\Application" onestart.exe --existing-window" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • onestart.exe (PID: 6908 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
      • onestart.exe (PID: 1816 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88 MD5: E55F91E0BC4D6D3029E7492F4C28A08F)
  • cmd.exe (PID: 7296 cmdline: "C:\Windows\SysWOW64\cmd.exe" /c MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 5716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, ProcessId: 2028, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneStartChromium
Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /e /i", CommandLine: C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /e /i", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\ONESTART.PACKED.7Z" "install" "15" "2", ParentImage: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe, ParentProcessId: 6540, ParentProcessName: setup.exe, ProcessCommandLine: C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /e /i", ProcessId: 6652, ProcessName: cmd.exe
Source: Process started, Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"", CommandLine: "C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5016, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"", ProcessId: 7188, ProcessName: cmd.exe
No Suricata rule has matched

Source: onestart_installer.exe, 00000007.00000000.97872296556.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_02a3d17b-c
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_url_fetcher_2028_845183606
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_url_fetcher_2028_1047642397
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_url_fetcher_2028_1047642397\oimompecagnajdejgnnjijobebaeigek_4.10.2830.0_win64_dldxogwi36sxwpr57ta4lg57z4.crx3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\win_x64\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\win_x64\widevinecdm.dll.sig
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\LICENSE
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\manifest.json
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_metadata\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_metadata\verified_contents.json
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\manifest.fingerprint
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\chrome_BITS_2028_914187993
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\scoped_dir5620_990858864
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\scoped_dir5620_990858864\History
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, Directory created: C:\Program Files\scoped_dir5620_990858864\Favicons
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStart.ai OneStart
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe, File created: C:\Users\user\AppData\Local\Temp\chromium_installer.log
Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: setup.exe, 00000008.00000003.98255453738.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: MSI629.tmp, 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp, MSI629.tmp, 00000044.00000000.98305736547.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\msvcp140_codecvt_ids.i386.pdb source: setup.exe, 00000008.00000003.98255076472.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\unity\Abstractions\src\obj\Release\net48\Unity.Abstractions.pdbSHA256 source: setup.exe, 00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.exe, 00000008.00000003.98255996060.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\vsprojects\ScreenRecorderLib\ScreenRecorderLib\bin\x86\Release\ScreenRecorderLib.pdb source: setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: z:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: x:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: v:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: t:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: r:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: p:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: n:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: l:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: j:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: h:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: f:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: d:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: b:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: y:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: w:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: u:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: s:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: q:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: o:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: m:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: k:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: i:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: g:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: e:
Source: C:\Windows\explorer.exe File opened: c:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: a:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Installer\MSI629.tmp Code function: 68_2_00CE0B80 FindFirstFileExW,68_2_00CE0B80
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\onestart-bin
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\onestart-bin\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\onestart-bin\126.0.6478.128
Source: Joe Sandbox View IP Address: 151.101.193.229
Source: Joe Sandbox View IP Address: 104.17.245.203
Source: Joe Sandbox View IP Address: 151.101.194.137
00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: onestart_installer.exe, 00000007.00000003.97944503660.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.97944448712.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256199192.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98275407433.000001C368BF1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256441097.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256331036.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254484674.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256531500.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254875736.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256090537.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254309833.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256152791.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256618602.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256702874.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255899577.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256875828.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 
00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: onestart.exe, 00000042.00000003.98371200554.000015300076C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
Source: onestart.exe, 00000035.00000003.98355028622.000021A403300000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98356109644.000021A403664000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98362740431.000015300092C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000974000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000979000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000984000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98358101035.0000153000130000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000746000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000740000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.000015300097E000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000989000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.000015300098E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.r2m02.amazontrust.com/r2m02.crl0u
Source: onestart.exe, 00000035.00000003.98355028622.000021A403300000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98356109644.000021A403664000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000974000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000979000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98352506273.00001530001DD000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000984000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98358101035.0000153000130000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000746000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000740000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.000015300097E000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000989000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.000015300098E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: onestart.exe, 00000035.00000003.98355028622.000021A403300000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98356109644.000021A403664000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98358101035.0000153000130000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000746000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000740000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl0
Source: onestart_installer.exe, 00000007.00000003.97944503660.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.97944448712.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256199192.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98275407433.000001C368BF1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256441097.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256331036.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254484674.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256531500.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254875736.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256090537.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254309833.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256152791.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256618602.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256702874.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255899577.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256875828.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 
00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: explorer.exe, 00000050.00000000.98338484448.0000000000EB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: onestart_installer.exe, 00000007.00000003.97944503660.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.97944448712.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256199192.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98275407433.000001C368BF1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256441097.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256331036.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254484674.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256531500.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254875736.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256090537.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254309833.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256152791.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256618602.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256702874.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255899577.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256875828.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 
00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: onestart_installer.exe, 00000007.00000003.97944503660.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.97944448712.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256199192.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98275407433.000001C368BF1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256441097.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256331036.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254484674.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256531500.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254875736.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256090537.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254309833.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256152791.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256618602.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256702874.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255899577.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256875828.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 
00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: onestart.exe, 00000035.00000003.98355028622.000021A403300000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98356109644.000021A403664000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98362740431.000015300092C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000974000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000979000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000984000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98358101035.0000153000130000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000746000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000740000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.000015300097E000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000989000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.000015300098E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.r2m02.amazontrust.com/r2m02.cer0
Source: onestart.exe, 00000035.00000003.98355028622.000021A403300000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98356109644.000021A403664000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000974000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000979000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98352506273.00001530001DD000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000984000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98358101035.0000153000130000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000746000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000740000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.000015300097E000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000989000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.000015300098E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: onestart.exe, 00000035.00000003.98355028622.000021A403300000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98356109644.000021A403664000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98358101035.0000153000130000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000746000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000740000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer0=
Source: onestart.exe, 00000035.00000003.98365573411.000021A403640000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98371200554.000015300076C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://i.pki.goog/r1.crt0
Source: onestart.exe, 00000035.00000003.98365573411.000021A403640000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98371200554.000015300076C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://i.pki.goog/wr2.crt0;
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
Source: onestart_installer.exe, 00000007.00000002.98286591720.00004D4C00284000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://log.onestart.ai/
Source: onestart_installer.exe, 00000007.00000002.98286591720.00004D4C00284000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://log.onestart.ai/tart.ai
Source: onestart_installer.exe, 00000007.00000002.98286591720.00004D4C00284000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://log.onestart.ai/tart.aiHost:
Source: onestart.exe, 00000035.00000003.98365573411.000021A403640000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98371200554.000015300076C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://o.pki.goog/wr20%
Source: onestart.exe, 00000035.00000003.98355028622.000021A403300000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98356109644.000021A403664000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98358101035.0000153000130000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000746000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000740000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://o.ss2.us/0
Source: explorer.exe, 00000050.00000000.98338484448.0000000000EB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: onestart_installer.exe, 00000007.00000003.97944503660.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.97944448712.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256199192.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98275407433.000001C368BF1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256441097.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256331036.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254484674.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256531500.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254875736.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256090537.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254309833.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256152791.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256618602.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256702874.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255899577.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256875828.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 
00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: onestart_installer.exe, 00000007.00000003.97944503660.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.97944448712.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256199192.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98275407433.000001C368BF1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256441097.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256331036.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254484674.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256531500.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254875736.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256090537.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254309833.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256152791.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256618602.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256702874.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255899577.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 
00000008.00000003.98256875828.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0K
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: onestart_installer.exe, 00000007.00000003.97944503660.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.97944448712.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256199192.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98275407433.000001C368BF1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256441097.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256331036.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254484674.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256531500.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254875736.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256090537.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254309833.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256152791.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256618602.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256702874.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255899577.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256875828.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 
00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000050.00000000.98358458996.0000000009883000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crl
Source: onestart_installer.exe, 00000007.00000003.97944503660.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.97944448712.000001DAAE9DC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256199192.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98275407433.000001C368BF1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256441097.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256331036.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254484674.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256531500.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254875736.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256090537.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254309833.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256152791.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256618602.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256702874.000001C366C57000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98255899577.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98256875828.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 
Source: onestart.exe, 00000051.00000003.98351920215.00000BC800890000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98350970611.00000BC800884000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98351281091.00000BC800770000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98349847414.00000BC800798000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#bidi-rendering
Source: onestart.exe, 00000051.00000003.98351920215.00000BC800890000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98350970611.00000BC800884000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98351281091.00000BC800770000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98349847414.00000BC800798000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#flow-content-3
Source: onestart.exe, 00000051.00000003.98351920215.00000BC800890000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98350970611.00000BC800884000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98351281091.00000BC800770000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98349847414.00000BC800798000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#hidden-elements
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://instagram.com/
Source: onestart.exe, 00000040.00000003.98315626791.00005E880016C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
Source: onestart.exe, 00000040.00000003.98315626791.00005E880016C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/292285899
Source: onestart_installer.exe, 00000007.00000000.97872296556.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000002.98288772731.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, setup.exe, 00000008.00000000.97946763569.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.98282737220.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.97948101420.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000002.98268978733.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000000.98262445865.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000002.98272326005.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000000.98263812387.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, onestart.exe, 00000035.00000000.98270841411.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000038.00000000.98272552957.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000003C.00000000.98273931520.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000040.00000000.98289669945.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000042.00000000.98296837315.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000043.00000000.98301057690.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000045.00000000.98306421942.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000045.00000002.98327520002.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004B.00000003.98352273497.0000568001204000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 
0000004B.00000000.98320520583.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004C.00000000.98321644954.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://log.onestart.ai
Source: onestart_installer.exe, 00000007.00000000.97872296556.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000002.98288772731.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://log.onestart.aihttps://api2.onestart.ai/api/bb/updates.txt%LOCALAPPDATA%namerwhttps://manual
Source: setup.exe, 00000008.00000000.97946763569.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.98282737220.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.97948101420.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000002.98268978733.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000000.98262445865.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000002.98272326005.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000000.98263812387.00007FF733659000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://log.onestart.aihttps://api2.onestart.ai/api/bb/updates.txt%LOCALAPPDATA%rw
Source: onestart.exe, 0000004B.00000003.98352273497.0000568001204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://log.onestart.aihttps://api2.onestart.ai/api/bb/updates.txtLOCALAPPDATAhttps://onestart.ai/ch
Source: onestart.exe, 00000035.00000000.98270841411.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000038.00000000.98272552957.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000003C.00000000.98273931520.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000040.00000000.98289669945.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000042.00000000.98296837315.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000043.00000000.98301057690.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000045.00000000.98306421942.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000045.00000002.98327520002.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004B.00000000.98320520583.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004C.00000000.98321644954.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004C.00000002.98343428367.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004D.00000000.98326937877.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000051.00000000.98336477526.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://log.onestart.aihttps://api2.onestart.ai/api/bb/updates.txtupdater0_startup_FEEC5A57CD704E4EA
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://log2.onestart.ai
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://login.aol.com/
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://login.yahoo.com/
Source: onestart_installer.exe, 00000007.00000000.97872296556.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000002.98288772731.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://manual.onestart.ai
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://manualslib.com
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://maps.google.com/
Source: onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/blog
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/browser
Source: onestart_installer.exe, 00000007.00000002.98286553668.00004D4C00278000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000008.00000000.97946763569.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.98282737220.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.97948101420.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000002.98268978733.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000000.98262445865.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000002.98272326005.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000000.98263812387.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, onestart.exe, 00000035.00000000.98270841411.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000038.00000000.98272552957.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000003C.00000000.98273931520.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000040.00000000.98289669945.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000042.00000000.98296837315.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000043.00000000.98301057690.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000045.00000000.98306421942.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000045.00000002.98327520002.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004B.00000003.98352273497.0000568001204000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 0000004B.00000000.98320520583.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 
0000004C.00000000.98321644954.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004C.00000002.98343428367.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://onestart.ai/chr/gcsett?iid=
Source: onestart.exe, 00000035.00000003.98336790367.000021A4027AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/gcsett?iid=d1b005fc-9638-4680-912d-46fbd5b0c6ec
Source: onestart_installer.exe, 00000007.00000002.98286237643.00004D4C00250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/gcsett?iid=fhnid=ip&product=2&bversion=126.0.6478.128&wversion=4.5.247.2fhni
Source: onestart_installer.exe, 00000007.00000000.97872296556.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000002.98288772731.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://onestart.ai/chr/gcsett?iid=logglydomainupdateurlexblsowlumlewmle&wversion=&bversion=fhnid=fh
Source: onestart.exe, 00000035.00000000.98270841411.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000038.00000000.98272552957.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000003C.00000000.98273931520.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000040.00000000.98289669945.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000042.00000000.98296837315.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000043.00000000.98301057690.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000045.00000000.98306421942.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000045.00000002.98327520002.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004B.00000000.98320520583.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004C.00000000.98321644954.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004C.00000002.98343428367.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004D.00000000.98326937877.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000051.00000000.98336477526.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://onestart.ai/chr/gcsett?iid=logglydomainupdateurlexblsowlumlewmleSOFTWARE
Source: onestart.exe, 00000035.00000003.98336790367.000021A4027AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/newtab?iid=d1b005fc-9638-4680-912d-46fbd5b0c6ec
Source: onestart_installer.exe, 00000007.00000000.97872296556.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000002.98288772731.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart.exe, 0000004B.00000003.98352273497.0000568001204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/ri?
Source: onestart_installer.exe, 00000007.00000002.98286746850.00004D4C00288000.00000004.00001000.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000002.98286481832.00004D4C00274000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/ri?fhnid=ip&product=2&bversion=126.0.6478.128&wversion=4.5.247.2
Source: onestart_installer.exe, 00000007.00000002.98286746850.00004D4C00288000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/ri?fhnid=ip&product=2&bversion=126.0.6478.128&wversion=4.5.247.2ML(
Source: onestart_installer.exe, 00000007.00000002.98286481832.00004D4C00274000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/ri?fhnid=ip&product=2&bversion=126.0.6478.128&wversion=4.5.247.2Start
Source: onestart.exe, 0000004B.00000003.98352273497.0000568001204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/ri?productbrowsertyphttps://onestart.ai/chr/ui?iid=
Source: onestart_installer.exe, 00000007.00000000.97872296556.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000002.98288772731.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart.exe, 0000004B.00000003.98352273497.0000568001204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/ui?iid=
Source: setup.exe, 00000008.00000000.97946763569.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.98282737220.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.97948101420.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000002.98268978733.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000000.98262445865.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000002.98272326005.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000000.98263812387.00007FF733659000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://onestart.ai/chr/uninstall?iid=
Source: setup.exe, 00000008.00000000.97946763569.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.98282737220.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.97948101420.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000002.98268978733.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000000.98262445865.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000002.98272326005.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000000.98263812387.00007FF733659000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://onestart.ai/chr/uninstall?iid=https://onestart.ai/chr/gcsett?iid=logglydomainupdateurlexblso
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/contact-us
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/content
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/dashboard
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/features
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/partner
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/privacy-policy
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/release-notes
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/resources/files/OneStartInstaller-v5.5.240.0.msi
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/terms-of-use
Source: onestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/uninstall
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://onestart.ai9https://onestart.ai/welcome/=https://onestart.ai/uninstall/Ghttps://onestart.ai/
Source: explorer.exe, 00000050.00000000.98372517106.000000000D8F7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://outlook.live.com/owa/
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#action#pc_game_adventure
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#adventure
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#arcade)pc_game_battleroyale
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#board
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#casual
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#platform
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#puzzle
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#racing
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#rpg
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#shooter
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pc.game/games.html#strategy
Source: onestart.exe, 00000042.00000003.98371200554.0000153000770000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98362633964.0000153000770000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98372062638.0000153000765000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.ones
Source: onestart.exe, 00000042.00000003.98362633964.0000153000770000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onesart.ai/
Source: onestart.exe, 00000042.00000003.98362383434.00001530007B0000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98362633964.0000153000770000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98368859346.000015300087C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98367737098.000015300087C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/
Source: onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/css/footer.css
Source: onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/css/input.css
Source: onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/css/main.css
Source: onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/css/nav.css
Source: onestart.exe, 00000042.00000003.98362961053.0000153000828000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/css/normalize.css
Source: onestart.exe, 00000042.00000003.98362961053.0000153000828000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/css/services.css
Source: onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/css/tools.css
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/add-page-number
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/delete%Add
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/merge
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/pdf-to-excel
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/pdf-to-jpg
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/pdf-to-json
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/pdf-to-png
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/pdf-to-ppt
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/pdf-to-tiff
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/pdf-to-txt
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/pdf-to-word
Source: onestart.exe, 00000035.00000003.98350656225.000021A403620000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98335289474.000021A403304000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98355028622.000021A403304000.00000004.00001000.00020000.00000000.sdmp, DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmp, onestart.exe, 00000042.00000003.98366095710.00001530008D3000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/en/pdfeditor
Source: onestart.exe, 00000042.00000003.98362740431.000015300092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/en/pdfeditoraccept-encodinggzip
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/rotate-pdf
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/split-pdf
Source: DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pdf.onestart.ai/en/watermark-image-pdf
Source: onestart.exe, 00000042.00000003.98362961053.0000153000828000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pdf.onestart.ai/images/onestart/icon-edit.png
Source: C:\Windows\Installer\MSI629.tmp Code function: 68_2_00CA66B0 GetProcAddress, NtQueryInformationProcess, ReadProcessMemory, ReadProcessMemory, ReadProcessMemory, LocalFree, GetLastError, FreeLibrary
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\e037f6.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI397D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3A1A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3A79.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{B96A3B94-FEB2-4492-85C6-20655FBC02EE}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3B16.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3B36.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3C22.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI629.tmp
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI397D.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B70C612469_2_00007FF7B70C6124
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B701A12069_2_00007FF7B701A120
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B701798069_2_00007FF7B7017980
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B704798069_2_00007FF7B7047980
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B710F1B069_2_00007FF7B710F1B0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B709DA1069_2_00007FF7B709DA10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B70BC9FC69_2_00007FF7B70BC9FC
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F0CB3076_2_00007FF7B6F0CB30
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B709882476_2_00007FF7B7098824
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F1303076_2_00007FF7B6F13030
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70170D076_2_00007FF7B70170D0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B709DF2476_2_00007FF7B709DF24
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B7065F4076_2_00007FF7B7065F40
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B705678076_2_00007FF7B7056780
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B7040FA076_2_00007FF7B7040FA0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F9E7D076_2_00007FF7B6F9E7D0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70457C076_2_00007FF7B70457C0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F0F01076_2_00007FF7B6F0F010
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B709862076_2_00007FF7B7098620
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B7055E7076_2_00007FF7B7055E70
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F25E8076_2_00007FF7B6F25E80
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F5C69076_2_00007FF7B6F5C690
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B703D6D076_2_00007FF7B703D6D0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B710E70076_2_00007FF7B710E700
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B710ED4076_2_00007FF7B710ED40
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F2754076_2_00007FF7B6F27540
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B7042D5076_2_00007FF7B7042D50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F0FD5076_2_00007FF7B6F0FD50
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70A0D3C76_2_00007FF7B70A0D3C
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F67D7076_2_00007FF7B6F67D70
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B7063D6076_2_00007FF7B7063D60
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B7095D8076_2_00007FF7B7095D80
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F18DD076_2_00007FF7B6F18DD0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B707F5C076_2_00007FF7B707F5C0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70BC60476_2_00007FF7B70BC604
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B709E43076_2_00007FF7B709E430
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F1242076_2_00007FF7B6F12420
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B704B43076_2_00007FF7B704B430
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B7086C4076_2_00007FF7B7086C40
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F7948076_2_00007FF7B6F79480
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70124B076_2_00007FF7B70124B0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70464A076_2_00007FF7B70464A0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F2650076_2_00007FF7B6F26500
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B7072D1076_2_00007FF7B7072D10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70CFD0076_2_00007FF7B70CFD00
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F44B2076_2_00007FF7B6F44B20
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B709631876_2_00007FF7B7096318
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70BC31C76_2_00007FF7B70BC31C
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70A5B3C76_2_00007FF7B70A5B3C
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F4237076_2_00007FF7B6F42370
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B701B3A076_2_00007FF7B701B3A0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F17BE076_2_00007FF7B6F17BE0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B704E3E076_2_00007FF7B704E3E0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B703FC1076_2_00007FF7B703FC10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B701440076_2_00007FF7B7014400
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B706F40076_2_00007FF7B706F400
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70C923076_2_00007FF7B70C9230
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F05A1076_2_00007FF7B6F05A10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B7098A2876_2_00007FF7B7098A28
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B6F2AA4076_2_00007FF7B6F2AA40
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B709927876_2_00007FF7B7099278
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70C612476_2_00007FF7B70C6124
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B701A12076_2_00007FF7B701A120
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B701798076_2_00007FF7B7017980
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B704798076_2_00007FF7B7047980
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B710F1B076_2_00007FF7B710F1B0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B709DA1076_2_00007FF7B709DA10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70BC9FC76_2_00007FF7B70BC9FC
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: String function: 00007FF7B70CEB00 appears 502 times
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: String function: 00007FF7B7072960 appears 58 times
Source: C:\Windows\Installer\MSI629.tmpCode function: String function: 00CC9F53 appears 100 times
Source: C:\Windows\Installer\MSI629.tmpCode function: String function: 00CCA320 appears 39 times
Source: C:\Windows\Installer\MSI629.tmpCode function: String function: 00CC9F86 appears 72 times
Source: onestart_installer.exe.part.6.drStatic PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: onestart_installer.exe.part.6.drStatic PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1587725 bytes, 1 file, at 0x2c "setup.exe", number 1, 101 datablocks, 0x1 compression
Source: setup.exe.7.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: OneStart.exe.75.drStatic PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: OneStart.exe.75.drStatic PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1601993 bytes, 1 file, at 0x2c "setup.exe", number 1, 102 datablocks, 0x1 compression
Source: widevinecdm.dll.53.drStatic PE information: Number of sections : 13 > 10
Source: setup.exe.7.drStatic PE information: Number of sections : 12 > 10
Source: chrome.dll.8.drStatic PE information: Number of sections : 15 > 10
Source: classification engineClassification label: mal60.spyw.evad.winMSI@152/307@0/28
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B70F8AF0 FormatMessageW,GetLastError,LocalFree,69_2_00007FF7B70F8AF0
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CA62C0 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,CloseHandle,Process32NextW,CloseHandle,68_2_00CA62C0
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CA6FE0 CoInitialize,CoCreateInstance,VariantInit,IUnknown_QueryService,IUnknown_QueryInterface_Proxy,IUnknown_QueryInterface_Proxy,CoAllowSetForegroundWindow,SysAllocString,SysAllocString,SysAllocString,VariantInit,LocalFree,OpenProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,68_2_00CA6FE0
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CA1D90 LoadResource,LockResource,SizeofResource,68_2_00CA1D90
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile created: C:\Program Files\chrome_url_fetcher_2028_845183606
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Installer
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeMutant created: \Sessions\1\BaseNamedObjects\673D39DD-C349-43DC-B4C1-A98E50C25D5E
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupMutex_6568215876866717414
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeMutant created: NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupExitEventMutex_6568215876866717414
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI24EB.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeFile read: C:\Users\desktop.ini
Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: onestart.exe, 00000035.00000003.98305621300.000021A402D4C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE plus_addresses (profile_id VARCHAR PRIMARY KEY, facet VARCHAR, plus_address VARCHAR);
Source: setup.exeString found in binary or memory: <Chromium on jo asennettuna kaikille tietokoneen kyttjille.ENaka-install na ang Chromium para sa lahat ng user sa iyong computer
Source: setup.exeString found in binary or memory: jrjestelmvirhe. Lataa Chromium uudelleen.lMay naganap na error sa operating system sa panahon ng pag-install. Mangyaring i-downl
Source: setup.exeString found in binary or memory: mn virheen vuoksi. Lataa Chromium uudelleen.`Nabigo ang pag-install dahil sa hindi natukoy na error. Mangyaring i-download muli a
Source: setup.exeString found in binary or memory: .jChromiumista ei voi asentaa versiota, joka on tll hetkell kynniss. Sulje Chromium ja yrit uudelleen.sHindi ma-install ang
Source: setup.exeString found in binary or memory: Jy het nie die gepaste regte vir stelselvlak-installering nie. Probeer om die installeerder weer te laat loop as Administrateur.>
Source: setup.exeString found in binary or memory: Wala kang naaangkop na mga karapatan para sa pag-install sa antas ng system. Subukan muling patakbuhin ang installer bilang Admini
Source: onestart.exeString found in binary or memory: Try '%ls --help' for more information.
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\allpdfpro.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3866399E1BFBB92958CCE7C8594EF453 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3CEBF64AD23C2D8EE07988E727EF4353
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe" "install" "15" "2"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\ONESTART.PACKED.7Z" "install" "15" "2"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /f /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /f /im DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "rmdir "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar\bin" /s /q"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /e /i"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar" "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar_new" /s /e /i
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe "C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe" -Embedding
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=128.0.6613.120 --initial-client-data=0x1c0,0x1c4,0x1c8,0x19c,0x1cc,0x7ff657d0e638,0x7ff657d0e644,0x7ff657d0e650
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --from-installer
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" /s /e /i"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar_new" "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar" /s /e /i
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "rmdir "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /q"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x160,0x164,0x168,0x128,0x170,0x7ff7b71cbcb8,0x7ff7b71cbcc4,0x7ff7b71cbcd0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "cd /d "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar\bin" && start DBar.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2116,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2148,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI629.tmp "C:\Windows\Installer\MSI629.tmp" /HideWindow cmd.exe /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\""
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --field-trial-handle=3448,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8
Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /C "START /MIN /D "C:\Windows\system32\config\systemprofile\AppData\Local\OneStart.ai\OneStart\Application" onestart.exe --existing-window"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c ""%LOCALAPPDATA%\OneStart.ai\OneStart\Application\onestart.exe" --update"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe" /c
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9833435775 --field-trial-handle=4212,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9834157164 --field-trial-handle=4240,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4516,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5272,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5440,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5600,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5608,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3866399E1BFBB92958CCE7C8594EF453 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3CEBF64AD23C2D8EE07988E727EF4353
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe" "install" "15" "2"
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI629.tmp "C:\Windows\Installer\MSI629.tmp" /HideWindow cmd.exe /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\""
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\ONESTART.PACKED.7Z" "install" "15" "2"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /f /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "taskkill /f /im DBar.exe"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "rmdir "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar\bin" /s /q"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /e /i"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --from-installer
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" /s /e /i"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c "rmdir "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /q"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar" "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar_new" /s /e /i
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=128.0.6613.120 --initial-client-data=0x1c0,0x1c4,0x1c8,0x19c,0x1cc,0x7ff657d0e638,0x7ff657d0e644,0x7ff657d0e650
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2116,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2148,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --field-trial-handle=3448,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c ""%LOCALAPPDATA%\OneStart.ai\OneStart\Application\onestart.exe" --update"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9833435775 --field-trial-handle=4212,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9834157164 --field-trial-handle=4240,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4516,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5272,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5600,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5608,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: unknown unknown
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar_new" "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar" /s /e /i
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x160,0x164,0x168,0x128,0x170,0x7ff7b71cbcb8,0x7ff7b71cbcc4,0x7ff7b71cbcd0
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe DBar.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msxml3.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vss_ps.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\xcopy.exe Section loaded: ulib.dll
Source: C:\Windows\System32\xcopy.exe Section loaded: ifsutil.dll
Source: C:\Windows\System32\xcopy.exe Section loaded: devobj.dll
Source: C:\Windows\System32\xcopy.exe Section loaded: fsutilext.dll
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe Section loaded: version.dll
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe Section loaded: winmm.dll
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe Section loaded: edgegdi.dll
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe Section loaded: ntmarta.dll
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}\InprocServer32
Source: OneStart.lnk.50.dr LNK file: ..\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
Source: OneStart.lnk0.50.dr LNK file: ..\..\..\..\Local\OneStart.ai\OneStart\Application\onestart.exe
Source: OneStart.lnk1.50.dr LNK file: ..\..\..\..\..\Local\OneStart.ai\OneStart\Application\onestart.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\Outlook\Capabilities\UrlAssociations
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_url_fetcher_2028_845183606
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_url_fetcher_2028_1047642397
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_url_fetcher_2028_1047642397\oimompecagnajdejgnnjijobebaeigek_4.10.2830.0_win64_dldxogwi36sxwpr57ta4lg57z4.crx3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\win_x64\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\win_x64\widevinecdm.dll.sig
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\LICENSE
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\manifest.json
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_metadata\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_metadata\verified_contents.json
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\manifest.fingerprint
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\chrome_BITS_2028_914187993
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\scoped_dir5620_990858864
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\scoped_dir5620_990858864\History
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Directory created: C:\Program Files\scoped_dir5620_990858864\Favicons
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStart.ai OneStart
Source: allpdfpro.msi Static file information: File size 3873280 > 1048576
Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: setup.exe, 00000008.00000003.98255453738.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: MSI629.tmp, 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp, MSI629.tmp, 00000044.00000000.98305736547.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\msvcp140_codecvt_ids.i386.pdb source: setup.exe, 00000008.00000003.98255076472.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: setup.exe, 00000008.00000003.98255138514.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\unity\Abstractions\src\obj\Release\net48\Unity.Abstractions.pdbSHA256 source: setup.exe, 00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.exe, 00000008.00000003.98255996060.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\vsprojects\ScreenRecorderLib\ScreenRecorderLib\bin\x86\Release\ScreenRecorderLib.pdb source: setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\Documents\chromium-browser-scripts\src\out\Release\mini_installer.exe.pdb source: onestart_installer.exe, 00000007.00000000.97872296556.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000002.98288772731.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart.exe, 0000004B.00000003.98352273497.0000568001204000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\WpfAppBar\WpfAppBar\WpfAppBar\obj\Release\net48\Itp.WpfAppBar.pdb source: setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.ValueTuple/net47\System.ValueTuple.pdb62P2 B2_CorDllMainmscoree.dll source: setup.exe, 00000008.00000003.98255763240.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /_/src/Flurl.Http/obj/Release/net472/Flurl.Http.pdbSHA256 source: setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net452\Microsoft.Win32.TaskScheduler.pdbSHA256 source: setup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: setup.exe, 00000008.00000003.98255541897.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ome.dll.pdb source: onestart.exe, 0000004C.00000002.98336380348.00006C2800278000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\msvcp140_atomic_wait.i386.pdb source: setup.exe, 00000008.00000003.98255005961.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: setup.exe, 00000008.00000003.98255541897.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: setup.exe, 00000008.00000003.98254750380.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\unity\Container\src\obj\Release\net48\Unity.Container.pdbSHA256 source: setup.exe, 00000008.00000003.98255899577.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ?.pdbb@ source: onestart.exe, 0000004C.00000002.98335793049.00006C2800250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\Users\Aybe\Documents\GitHub\Windows API Code Pack 1.1\source\WindowsAPICodePack\Shell\obj\Release\Microsoft.WindowsAPICodePack.Shell.pdb source: setup.exe, 00000008.00000003.98254875736.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\Documents\chromium-browser-scripts\src\out\Release\chrome_proxy.exe.pdb source: setup.exe, 00000008.00000003.98275407433.000001C368BF1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\vsprojects\ScreenRecorderLib\ScreenRecorderLib\bin\x86\Release\ScreenRecorderLib.pdbVV2GCTL source: setup.exe, 00000008.00000003.98255248091.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\unity\Container\src\obj\Release\net48\Unity.Container.pdb source: setup.exe, 00000008.00000003.98255899577.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbl(% source: onestart.exe, 0000004C.00000002.98335793049.00006C2800250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdb source: setup.exe, 00000008.00000003.98255622349.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: onestart.exe, 0000004C.00000002.98337641345.00006C28002D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.ValueTuple/net47\System.ValueTuple.pdb source: setup.exe, 00000008.00000003.98255763240.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /_/src/Flurl.Http/obj/Release/net472/Flurl.Http.pdb source: setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net452\Microsoft.Win32.TaskScheduler.pdb source: setup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: setup.exe, 00000008.00000003.98255395573.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\Documents\chromium-browser-scripts\src\out\Release\setup.exe.pdb source: setup.exe, 00000008.00000000.97946763569.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000002.98282737220.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000009.00000000.97948101420.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000002.98268978733.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000032.00000000.98262445865.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000002.98272326005.00007FF733659000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000033.00000000.98263812387.00007FF733659000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: setup.exe, 00000008.00000003.98255541897.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: setup.exe, 00000008.00000003.98255712240.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\Documents\chromium-browser-scripts\src\out\Release\initialexe\chrome.exe.pdb source: setup.exe, 00000008.00000003.98254309833.000001C366C46000.00000004.00000020.00020000.00000000.sdmp, onestart.exe, 00000035.00000000.98270841411.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000038.00000000.98272552957.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000003C.00000000.98273931520.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000040.00000000.98289669945.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000042.00000000.98296837315.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000043.00000000.98301057690.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000045.00000000.98306421942.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000045.00000002.98327520002.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004B.00000000.98320520583.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004C.00000000.98321644954.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004C.00000002.98343428367.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004D.00000000.98326937877.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: Windows.Media.pdb source: onestart.exe, 00000035.00000003.98355028622.000021A403304000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdbSHA256D source: setup.exe, 00000008.00000003.98255622349.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: setup.exe, 00000008.00000003.98254750380.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: MSI629.tmp, 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp, MSI629.tmp, 00000044.00000000.98305736547.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: c:\Users\Aybe\Documents\GitHub\Windows API Code Pack 1.1\source\WindowsAPICodePack\Shell\obj\Release\Microsoft.WindowsAPICodePack.Shell.pdbpZ source: setup.exe, 00000008.00000003.98254875736.000001C366C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: '(lhrome.dll.pdbl(' source: onestart.exe, 0000004C.00000002.98336380348.00006C2800278000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\WpfAppBar\WpfAppBar\WpfAppBar\obj\Release\net48\Itp.WpfAppBar.pdbSHA256F source: setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\unity\Abstractions\src\obj\Release\net48\Unity.Abstractions.pdb source: setup.exe, 00000008.00000003.98255823429.000001C366C57000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Code function: 69_2_00007FF7B7055B30 LoadLibraryW,GetProcAddress,69_2_00007FF7B7055B30
Source: onestart_installer.exe.part.6.dr Static PE information: section name: .gxfg
Source: onestart_installer.exe.part.6.dr Static PE information: section name: .retplne
Source: onestart_installer.exe.part.6.dr Static PE information: section name: _RDATA
Source: setup.exe.7.dr Static PE information: section name: .gxfg
Source: setup.exe.7.dr Static PE information: section name: .retplne
Source: setup.exe.7.dr Static PE information: section name: CPADinfo
Source: setup.exe.7.dr Static PE information: section name: LZMADEC
Source: setup.exe.7.dr Static PE information: section name: _RDATA
Source: chrome.dll.8.dr Static PE information: section name: .gxfg
Source: chrome.dll.8.dr Static PE information: section name: .retplne
Source: chrome.dll.8.dr Static PE information: section name: .rodata
Source: chrome.dll.8.dr Static PE information: section name: CPADinfo
Source: chrome.dll.8.dr Static PE information: section name: LZMADEC
Source: chrome.dll.8.dr Static PE information: section name: _RDATA
Source: chrome.dll.8.dr Static PE information: section name: malloc_h
Source: chrome.dll.8.dr Static PE information: section name: prot
Source: widevinecdm.dll.53.dr Static PE information: section name: .00cfg
Source: widevinecdm.dll.53.dr Static PE information: section name: .gxfg
Source: widevinecdm.dll.53.dr Static PE information: section name: .retplne
Source: widevinecdm.dll.53.dr Static PE information: section name: .rodata
Source: widevinecdm.dll.53.dr Static PE information: section name: _RDATA
Source: widevinecdm.dll.53.dr Static PE information: section name: malloc_h
Source: OneStart.exe.75.dr Static PE information: section name: .gxfg
Source: OneStart.exe.75.dr Static PE information: section name: .retplne
Source: OneStart.exe.75.dr Static PE information: section name: _RDATA
Source: C:\Windows\Installer\MSI629.tmp Code function: 68_2_00CC9F30 push ecx; ret 68_2_00CC9F43

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exe Executable created and started: C:\Windows\Installer\MSI629.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI11F5.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3B36.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe (copy)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI397D.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI24EB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3A1A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI25F7.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2753.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe.part
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\.data\OneStart.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI26F4.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2598.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\onestart-bin\126.0.6478.128\chrome.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3C22.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3A79.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2656.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI1139.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI26A5.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI27A2.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI629.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\chrome_proxy.exe (copy)
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2800.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File created: C:\Users\user\AppData\Local\Temp\chromium_installer.log

Boot Survival

Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneStartChromium
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneStartUpdate
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneStartBar
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneStartAutoLaunch_B4891BEF8823FC13D1A3C1E0C5B71E0B
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\onestart-bin\Bar\bin\Microsoft.Win32.TaskScheduler.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe File created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\System32\msiexec.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Source: C:\Windows\System32\msiexec.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeMemory allocated: 3690000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeMemory allocated: 3880000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B7048080 rdtsc 69_2_00007FF7B7048080
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeWindow / User API: threadDelayed 9823
Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 389
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2598.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI11F5.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeDropped PE file which has not been started: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3B36.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\onestart-bin\126.0.6478.128\chrome.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI397D.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3C22.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3A79.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3A1A.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI24EB.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2656.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI1139.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI25F7.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI26A5.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI27A2.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2753.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\OneStart.ai\OneStart\.data\OneStart.exe
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2800.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI26F4.tmp
Source: C:\Windows\Installer\MSI629.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_68-35224
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeAPI coverage: 3.3 %
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeAPI coverage: 5.1 %
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe TID: 6400Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe TID: 6400Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe TID: 6400Thread sleep time: -99890s >= -30000s
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe TID: 6400Thread sleep time: -99781s >= -30000s
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe TID: 6400Thread sleep time: -99672s >= -30000s
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe TID: 6400Thread sleep time: -99562s >= -30000s
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe TID: 6400Thread sleep time: -99453s >= -30000s
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe TID: 6400Thread sleep time: -99343s >= -30000s
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010409
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\blob_storage\bd01d00f-44e0-4e16-ab75-60062c369997 FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CE0B80 FindFirstFileExW,68_2_00CE0B80
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeThread delayed: delay time: 100000
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeThread delayed: delay time: 99890
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeThread delayed: delay time: 99781
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeThread delayed: delay time: 99672
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeThread delayed: delay time: 99562
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeThread delayed: delay time: 99453
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeThread delayed: delay time: 99343
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\onestart-bin
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\onestart-bin\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\onestart-bin\126.0.6478.128
Source: explorer.exe, 00000050.00000000.98372517106.000000000D8D6000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(RpC
Source: onestart.exe, 0000004C.00000002.98345624482.00007FFD3CB91000.00000020.00000001.01000000.0000000F.sdmpBinary or memory string: tVMcI0M
Source: onestart_installer.exe, 00000007.00000003.97909436039.000001DAAE9B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: onestart_installer.exe, 00000007.00000002.98284813694.000001DAAE998000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
Source: explorer.exe, 00000050.00000000.98359364826.0000000009A91000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\netprofm.dllab-ca007942ac33}
Source: onestart.exe, 0000004C.00000002.98345624482.00007FFD3A391000.00000020.00000001.01000000.0000000F.sdmpBinary or memory string: tVMcI@M
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeCode function: 8_2_00007FF733561898 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FF733561898
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B7055B30 LoadLibraryW,GetProcAddress,69_2_00007FF7B7055B30
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CE097C mov eax, dword ptr fs:[00000030h]68_2_00CE097C
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CD9DE5 mov ecx, dword ptr fs:[00000030h]68_2_00CD9DE5
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CA25B0 GetProcessHeap,68_2_00CA25B0
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeCode function: 8_2_00007FF733548388 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FF733548388
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeCode function: 9_2_00007FF733561898 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF733561898
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeCode function: 9_2_00007FF733548388 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF733548388
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeCode function: 50_2_00007FF733561898 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,50_2_00007FF733561898
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeCode function: 50_2_00007FF733548388 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,50_2_00007FF733548388
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CCE146 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,68_2_00CCE146
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CCA111 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,68_2_00CCA111
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CCA2A5 SetUnhandledExceptionFilter,68_2_00CCA2A5
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CC98CD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,68_2_00CC98CD
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B7105660 SetUnhandledExceptionFilter,69_2_00007FF7B7105660
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B70BBD4C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,69_2_00007FF7B70BBD4C
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B6F5F310 GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,AddVectoredExceptionHandler,CreateThread,GetLastError,69_2_00007FF7B6F5F310
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 69_2_00007FF7B70921C8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,69_2_00007FF7B70921C8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70BBD4C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,76_2_00007FF7B70BBD4C
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeCode function: 76_2_00007FF7B70921C8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,76_2_00007FF7B70921C8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exeMemory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im DBar.exe
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CA7800 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,AllowSetForegroundWindow,GetModuleHandleW,GetProcAddress,Sleep,EnumWindows,SetWindowPos,WaitForSingleObject,GetExitCodeProcess,GetWindowThreadProcessId,GetWindowLongW,68_2_00CA7800
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar" "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar_new" /s /e /i
Source: C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=128.0.6613.120 --initial-client-data=0x1c0,0x1c4,0x1c8,0x19c,0x1cc,0x7ff657d0e638,0x7ff657d0e644,0x7ff657d0e650
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2116,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2148,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --field-trial-handle=3448,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9833435775 --field-trial-handle=4212,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9834157164 --field-trial-handle=4240,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4516,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5272,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5600,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5608,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: unknown unknown
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar_new" "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar" /s /e /i
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x160,0x164,0x168,0x128,0x170,0x7ff7b71cbcb8,0x7ff7b71cbcc4,0x7ff7b71cbcd0
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeFile opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im DBar.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im DBar.exe
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "c:\users\user\appdata\local\onestart.ai\onestart installer\cr_c36d0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "c:\users\user\appdata\local\onestart.ai\onestart installer\cr_c36d0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=126.0.6478.128 --initial-client-data=0x160,0x164,0x168,0x128,0x170,0x7ff7b71cbcb8,0x7ff7b71cbcc4,0x7ff7b71cbcd0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --field-trial-handle=1952,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2116,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-us --service-sandbox-type=service --field-trial-handle=2148,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.profileimport --lang=en-us --service-sandbox-type=none --field-trial-handle=3448,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9833435775 --field-trial-handle=4212,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9834157164 --field-trial-handle=4240,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.datadecoderservice --lang=en-us --service-sandbox-type=service --field-trial-handle=4516,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.processormetrics --lang=en-us --service-sandbox-type=none --field-trial-handle=5272,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.unzipper --lang=en-us --service-sandbox-type=service --field-trial-handle=5440,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.datadecoderservice --lang=en-us --service-sandbox-type=service --field-trial-handle=5600,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.unzipper --lang=en-us --service-sandbox-type=service --field-trial-handle=5608,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "c:\users\user\appdata\local\onestart.ai\onestart installer\cr_c36d0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe "c:\users\user\appdata\local\onestart.ai\onestart installer\cr_c36d0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --field-trial-handle=1952,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2116,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-us --service-sandbox-type=service --field-trial-handle=2148,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.profileimport --lang=en-us --service-sandbox-type=none --field-trial-handle=3448,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9833435775 --field-trial-handle=4212,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9834157164 --field-trial-handle=4240,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.datadecoderservice --lang=en-us --service-sandbox-type=service --field-trial-handle=4516,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.processormetrics --lang=en-us --service-sandbox-type=none --field-trial-handle=5272,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.datadecoderservice --lang=en-us --service-sandbox-type=service --field-trial-handle=5600,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.unzipper --lang=en-us --service-sandbox-type=service --field-trial-handle=5608,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=126.0.6478.128 --initial-client-data=0x160,0x164,0x168,0x128,0x170,0x7ff7b71cbcb8,0x7ff7b71cbcc4,0x7ff7b71cbcd0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
Source: explorer.exe, 00000050.00000000.98342269719.00000000016D0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000050.00000000.98353395343.0000000004CD0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000050.00000000.98342269719.00000000016D0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
Source: explorer.exe, 00000050.00000000.98342269719.00000000016D0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Managerp
Source: explorer.exe, 00000050.00000000.98342269719.00000000016D0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: explorer.exe, 00000050.00000000.98338484448.0000000000EB9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanROC
Source: C:\Windows\Installer\MSI629.tmpCode function: 68_2_00CC9D5C cpuid 68_2_00CC9D5C
Source: C:\Windows\Installer\MSI629.tmpCode function: GetLocaleInfoW,68_2_00CE4080
Source: C:\Windows\Installer\MSI629.tmpCode function: GetLocaleInfoEx,68_2_00CC9007
Source: C:\Windows\Installer\MSI629.tmpCode function: EnumSystemLocalesW,68_2_00CDE19D
Source: C:\Windows\Installer\MSI629.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,68_2_00CE41A9
Source: C:\Windows\Installer\MSI629.tmpCode function: GetLocaleInfoW,68_2_00CE42AF
Source: C:\Windows\Installer\MSI629.tmpCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,68_2_00CE437E
Source: C:\Windows\Installer\MSI629.tmpCode function: GetLocaleInfoEx,FormatMessageA,68_2_00CB27C1
Source: C:\Windows\Installer\MSI629.tmpCode function: GetLocaleInfoW,68_2_00CDE71A
Source: C:\Windows\Installer\MSI629.tmpCode function: GetACP,IsValidCodePage,GetLocaleInfoW,68_2_00CE39FF
Source: C:\Windows\Installer\MSI629.tmpCode function: EnumSystemLocalesW,68_2_00CE3CF2
Source: C:\Windows\Installer\MSI629.tmpCode function: EnumSystemLocalesW,68_2_00CE3CA7
Source: C:\Windows\Installer\MSI629.tmpCode function: EnumSystemLocalesW,68_2_00CE3D8D
Source: C:\Windows\Installer\MSI629.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,68_2_00CE3E20
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\master_preferences VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Preferences VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\126.0.6478.128\MEIPreload\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\126.0.6478.128\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir2028_1271254821\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir2028_1271254821\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir2028_1271254821\CRX_INSTALL\conversion-tracking.js VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir2028_1271254821\CRX_INSTALL\page.js VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extensions\memhbiihnoblfombkckdfmemihcnlihc\1.0.1.30_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extensions\memhbiihnoblfombkckdfmemihcnlihc\1.0.1.30_0\conversion-tracking.js VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extensions\memhbiihnoblfombkckdfmemihcnlihc\1.0.1.30_0\page.js VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extensions\memhbiihnoblfombkckdfmemihcnlihc\1.0.1.30_0\conversion-tracking.js VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeQueries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extensions\memhbiihnoblfombkckdfmemihcnlihc\1.0.1.30_0\page.js VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0 VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Queries volume information: C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\manifest.json VolumeInformation
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\Itp.WpfAppBar.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\Unity.Container.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\Unity.Abstractions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\Newtonsoft.Json.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\Microsoft.Xaml.Behaviors.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\ScreenRecorderLib.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\ScreenRecorderLib.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\ScreenRecorderLib.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\System.Runtime.CompilerServices.Unsafe.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\Microsoft.WindowsAPICodePack.Shell.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\Microsoft.WindowsAPICodePack.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2312.1.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.scale-100.png VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2304.1243.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\FeedbackHubAppList.scale-100.png VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_11.2403.4.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\MapsAppList.scale-100.png VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.6.0.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Icons\StickyNotesAppList.scale-100.png VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorAppList.scale-100.png VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\ImmersiveControlPanel\images\logo.scale-100.png VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44_theme-dark.png VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\System32\WinMetadata\Windows.Media.winmd VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\System32\WinMetadata\Windows.Foundation.winmd VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.WindowsRuntime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.WindowsRuntime.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.WindowsRuntime\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.WindowsRuntime.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\FluentWPF.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemData\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemData.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Code function: 69_2_00007FF7B6F57790 VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,LocalFree,CreateNamedPipeW,GetLastError,SetLastError,GetLastError,GetLastError,69_2_00007FF7B6F57790
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe Code function: 7_2_00007FF6FFBE6710 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,7_2_00007FF6FFBE6710
Source: C:\Windows\Installer\MSI629.tmp Code function: 68_2_00CDEBA4 GetTimeZoneInformation,68_2_00CDEBA4
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Code function: 69_2_00007FF7B703EEB0 GetVersionExW,GetProductInfo,GetNativeSystemInfo,69_2_00007FF7B703EEB0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\msiexec.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\History
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: 2 Native API; 12 Command and Scripting Interpreter; 11 Scheduled Task/Job; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: 1 DLL Side-Loading; 11 Windows Service; 11 Scheduled Task/Job; 11 Registry Run Keys / Startup Folder; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 11 Windows Service; 13 Process Injection; 11 Scheduled Task/Job; 11 Registry Run Keys / Startup Folder; Startup Items; Scheduled Task/Job; At
Defense Evasion: 131 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 File Deletion; 133 Masquerading; 1 Modify Registry; 31 Virtualization/Sandbox Evasion; 13 Process Injection
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 2 System Time Discovery; 11 Peripheral Device Discovery; 3 File and Directory Discovery; 46 System Information Discovery; 31 Security Software Discovery; 31 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 Remote System Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: 11 Archive Collected Data; 1 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
[Behavior graph. ID: 1554005; Sample: allpdfpro.msi; Startdate: 11/11/2024; Architecture: WINDOWS; Score: 60]

| Source | Detection | Scanner | Label | Link |
| allpdfpro.msi | 0% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
| C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\win_x64\widevinecdm.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe (copy) | 3% | ReversingLabs | | |
| C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe.part | 3% | ReversingLabs | | |
| C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\chrome_proxy.exe (copy) | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source6540_1742458073\onestart-bin\126.0.6478.128\chrome.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI1139.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI11F5.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI24EB.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI2598.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI25F7.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI2656.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI26A5.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI26F4.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI2753.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI27A2.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI2800.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI397D.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI3A1A.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI3A79.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI3B36.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI3C22.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI629.tmp | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
No contacted domains info
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://ocsp.r2m02.amazontrust.com06onestart.exe, 00000035.00000003.98355028622.000021A403300000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98356109644.000021A403664000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98362740431.000015300092C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000974000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000979000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000984000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98358101035.0000153000130000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000746000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000740000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.000015300097E000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000989000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.000015300098E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://crbug.com/593024onestart.exe, 00000035.00000003.98319694281.000021A402EF8000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315345742.00005E8800178000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315345742.00005E8800168000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315763640.00005E8800170000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315763640.00005E8800178000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315626791.00005E880016C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://duckduckgo.com/?q=DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                            high
                                                            https://www.inoreader.com/search/feeds/category/marketing%20%26%20mediaDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                              high
                                                              http://anglebug.com/8417onestart.exe, 00000035.00000003.98319694281.000021A402EF8000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315345742.00005E8800178000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315345742.00005E8800168000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315189521.00005E8800138000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315763640.00005E8800170000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315763640.00005E8800178000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315626791.00005E880016C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.inoreader.com/search/feeds/category/hobby%20%26%20lifestyleDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                high
                                                                http://i.pki.goog/r1.crt0onestart.exe, 00000035.00000003.98365573411.000021A403640000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98371200554.000015300076C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://secure.eicar.org/eicar.comonestart.exe, 00000045.00000002.98318181460.000002057060A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    high
                                                                    https://api.unsplash.com/search/photosDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                      high
                                                                      http://ocsp.rootca1.amazontrust.com0:onestart.exe, 00000035.00000003.98355028622.000021A403300000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98356109644.000021A403664000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000974000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.0000153000979000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98352506273.00001530001DD000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000984000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98358101035.0000153000130000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000746000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000740000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98369267384.000015300097E000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.0000153000989000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98370905554.000015300098E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://fullscreen.spec.whatwg.org/#user-agent-level-style-sheet-defaults:onestart.exe, 00000051.00000003.98351920215.00000BC800890000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98350970611.00000BC800884000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98351281091.00000BC800770000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000051.00000003.98349847414.00000BC800798000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://www.llbean.com/webapp/wcs/stores/servlet/LLBShoppingCartDisplayonestart.exe, 00000035.00000003.98336790367.000021A4027AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://pc.game/games.html#platformDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://www.jotform.com/form-templates/DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                          high
                                                                          https://www.google.com/favicon.icoonestart.exe, 00000045.00000003.98313496043.0000020570396000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://pc.game/games.html#casualDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://crl.rootg2.amazontrust.com/rootg2.crl0onestart.exe, 00000035.00000003.98355028622.000021A403300000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98356109644.000021A403664000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98358101035.0000153000130000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000746000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98360205232.0000153000740000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://www.inoreader.com/search/feeds/category/tech%20news%20%26%20trends%inoreader_businessDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                high
                                                                                https://api.onestart.aiDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                  high
                                                                                  https://pdf.onestart.ai/en/add-page-numberDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://onestart.ai/chr/ui?iid=onestart_installer.exe, 00000007.00000000.97872296556.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000002.98288772731.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart.exe, 0000004B.00000003.98352273497.0000568001204000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://pc.game/games.html#strategyDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://anglebug.com/1452onestart.exe, 00000035.00000003.98319694281.000021A402EF8000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315345742.00005E8800178000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315345742.00005E8800168000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315763640.00005E8800170000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315763640.00005E8800178000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315626791.00005E880016C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://pdf.onestart.ai/en/pdf-to-jpgDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://login.aol.com/DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                      high
                                                                                      https://github.com/tmenier/Flurl.git5setup.exe, 00000008.00000003.98254673121.000001C366C57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://github.com/dahall/taskschedulersetup.exe, 00000008.00000003.98254799580.000001C366C56000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://onestart.ai/chr/ri?productbrowsertyphttps://onestart.ai/chr/ui?iid=onestart.exe, 0000004B.00000003.98352273497.0000568001204000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://pdf.onesonestart.exe, 00000042.00000003.98371200554.0000153000770000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98362633964.0000153000770000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98372062638.0000153000765000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://secure.eicar.org/eicar.com.txtonestart.exe, 00000045.00000002.98318181460.000002057060A000.00000004.10000000.00040000.00000000.sdmp, onestart.exe, 00000045.00000003.98308559154.00000205703AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://onestart.ai/dashboardonestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://pdf.onestart.ai/css/services.cssonestart.exe, 00000042.00000003.98362961053.0000153000828000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://www.inoreader.com/search/feeds/category/sports#shell:appsFolderDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                  high
                                                                                                  http://crl.pki.goog/gsr1/gsr1.crl0;onestart.exe, 00000042.00000003.98371200554.000015300076C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://github.com/dotnet/runtime8setup.exe, 00000008.00000003.98255622349.000001C366C56000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://assets.msnexplorer.exe, 00000050.00000000.98358458996.00000000098E7000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://pdf.onestart.ai/images/onestart/icon-merge.pngonestart.exe, 00000042.00000003.98368859346.000015300087C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000042.00000003.98367737098.000015300087C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://crashpad.chromium.org/bug/newonestart.exe, onestart.exe, 0000004C.00000000.98321644954.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004C.00000002.98343428367.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 0000004D.00000000.98326937877.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp, onestart.exe, 00000051.00000000.98336477526.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://www.unicode.org/copyright.htmlonestart.exe, 0000004C.00000002.98331086269.000001E321DE2000.00000002.00000001.00040000.00000026.sdmpfalse
                                                                                                        high
                                                                                                        http://anglebug.com/5007onestart.exe, 00000035.00000003.98319694281.000021A402EF8000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315345742.00005E8800178000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315345742.00005E8800168000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315189521.00005E8800138000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315763640.00005E8800170000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315763640.00005E8800178000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000040.00000003.98315626791.00005E880016C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://onestart.ai/blogonestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://api.onestart.ai/api/bb/updates.txtonestart_installer.exe, 00000007.00000003.97898663028.00004D4C0031C000.00000004.00001000.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000003.97898731481.00004D4C0031C000.00000004.00001000.00020000.00000000.sdmp, onestart_installer.exe, 00000007.00000002.98287276938.00004D4C002D5000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000035.00000003.98305576984.000021A402DD8000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 0000004B.00000003.98327170653.000056800031C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 0000004B.00000003.98327327536.000056800031C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://onestart.ai/browseronestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://onestart.ai/contact-usonestart.exe, 00000042.00000003.98360205232.000015300074C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.ecosia.org/search?q=&addon=opensearchonestart.exe, 00000035.00000003.98336790367.000021A4027AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://onestart.ai/chr/newtab?iid=d1b005fc-9638-4680-912d-46fbd5b0c6econestart.exe, 00000035.00000003.98336790367.000021A4027AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.microexplorer.exe, 00000050.00000000.98345720423.00000000034F0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000050.00000000.98363800507.0000000009F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000050.00000000.98367021438.000000000ABC0000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://gmail.com/DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                      high
                                                                                                                      https://github.com/dotnet/runtimesetup.exe, 00000008.00000003.98255622349.000001C366C56000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000003.98254750380.000001C366C57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://pc.game/games.html#shooterDBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://www.epicurious.com/search/Ghttps://www.foodnetwork.com/search/DBar.exe, 0000003F.00000000.98274387729.0000000000FC2000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                          high
                                                                                                                          https://log.onestart.aihttps://api2.onestart.ai/api/bb/updates.txtLOCALAPPDATAhttps://onestart.ai/chonestart.exe, 0000004B.00000003.98352273497.0000568001204000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://onestart.aionestart.exe, 00000042.00000003.98366335904.000015300084C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://www.msn.com/en-us/news/us/sen-tuberville-blocks-promotion-of-lloyd-austin-s-top-military-aidexplorer.exe, 00000050.00000000.98358458996.0000000009883000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://log.onestart.aihttps://api2.onestart.ai/api/bb/updates.txt%LOCALAPPDATA%namerwhttps://manualonestart_installer.exe, 00000007.00000000.97872296556.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp, onestart_installer.exe, 00000007.00000002.98288772731.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmpfalse
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1554005
Start date and time: 2024-11-11 22:00:30 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 15m 0s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed: 102
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: allpdfpro.msi
Detection: MAL
Classification: mal60.spyw.evad.winMSI@152/307@0/28
EGA Information:
• Successful, ratio: 85.7%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, VSSVC.exe, svchost.exe
• Execution Graph export aborted for target onestart_installer.exe, PID 4128 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadFile calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Skipping network analysis since amount of network traffic is too extensive
• VT rate limit hit for: allpdfpro.msi
Time      Type             Description
16:03:32  API Interceptor  51x Sleep call for process: DBar.exe modified
16:03:38  API Interceptor  368x Sleep call for process: explorer.exe modified
22:03:35  Task Scheduler   Run new task: OneStartAutoLaunchTask-d1b005fc-9638-4680-912d-46fbd5b0c6ec path: cmd.exe s>/C "START /MIN /D "%LOCALAPPDATA%\OneStart.ai\OneStart\Application" onestart.exe --existing-window"
22:03:39  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OneStartChromium "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
22:03:47  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OneStartBar "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe"
22:03:55  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OneStartUpdate "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
22:04:03  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run OneStartChromium "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
22:04:11  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run OneStartUpdate "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
Match  Associated Sample Name / URL  SHA 256  Detection  Threat Name  Link  Context
                                                                                                                                                                                • code.jquery.com/jquery-1.9.1.js
                                                                                                                                                                                http://facebooksecurity.blogspot.pe/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                • code.jquery.com/jquery-1.7.min.js
                                                                                                                                                                                https://tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=demsaenlinea.mx/jahn/00987667839933/utilities@affordablecare.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • code.jquery.com/jquery-3.3.1.min.js
                                                                                                                                                                                No context
                                                                                                                                                                                No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files\chrome_Unpacker_BeginUnzipping2028_2045552866\_platform_specific\win_x64\widevinecdm.dll | Complete_with_DocuSign_49584.pdf | Get hash | malicious | HTMLPhisher | Browse |
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):779514
                                                                                                                                                                                                    Entropy (8bit):6.722615981280205
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:4u+9C+3NEdlCEsuaX1y6TInaAEVYjkh00ph0lhSMXleyWTJMVN59qU9OOGtbf:v+9C6ESE6TyaAghzh0lhSMXlYTg5t9Ox
                                                                                                                                                                                                    MD5:4133560EB8E957C02C970CEABB4B8D28
                                                                                                                                                                                                    SHA1:C1C3BDDDBECB0CC8A448AF69B4FCEFEAF13215A7
                                                                                                                                                                                                    SHA-256:E1FED0EA8DF388C641AE475407AF1751AC7F24C70480BD72BE0625BFE02C9BB7
                                                                                                                                                                                                    SHA-512:455C0DF8F8B54F5105C52DA9EBA3E11DEDD6FB96A43C87918B027C4B3CEA78B020B737607A6B3E8B1509A0024FB0BDA70B0F6719F8A054458742B49A18195DC6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...@IXOS.@.....@V.kY.@.....@.....@.....@.....@.....@......&.{B96A3B94-FEB2-4492-85C6-20655FBC02EE}..OneStart PDF..allpdfpro.msi.@.....@.....@.....@........&.{30538BCD-1BCA-4F4E-AF29-F7CE786BCB9C}.....@.....@.....@.....@.......@.....@.....@.......@......OneStart PDF......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{FEE34822-BEE6-46CA-8BC7-812252175977}&.{B96A3B94-FEB2-4492-85C6-20655FBC02EE}.@......&.{D8511B6D-3FAD-4D18-929C-23F5ACD99D44}&.{B96A3B94-FEB2-4492-85C6-20655FBC02EE}.@........CreateFolders..Creating folders..Folder: [1]#.*.C:\Users\user\AppData\Local\OneStart.ai\.@....#.=.C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\.@........AI_FdRollback..Rolling back downloaded files#.Rolling back downloaded file: "[1]"L...AI_FdRollback.@.-....h...MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........J
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):473
                                                                                                                                                                                                    Entropy (8bit):4.388167319950301
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:LOT6w+DmsDZrkrDxBYRgELGNB+cIMLohXOl0t1iKR/UFioWd9+iAt4jZMeLhJoUs:iwDtVEDsCDLeelyigqBjt4eK2f55
                                                                                                                                                                                                    MD5:F6719687BED7403612EAED0B191EB4A9
                                                                                                                                                                                                    SHA1:DD03919750E45507743BD089A659E8EFCEFA7AF1
                                                                                                                                                                                                    SHA-256:AFB514E4269594234B32C873BA2CD3CC8892E836861137B531A40A1232820C59
                                                                                                                                                                                                    SHA-512:DD14A7EAE05D90F35A055A5098D09CD2233D784F6AC228B5927925241689BFF828E573B7A90A5196BFDD7AAEECF00F5C94486AD9E3910CFB07475FCFBB7F0D56
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Google LLC and its affiliates ("Google") own all legal right, title and.interest in and to the content decryption module software ("Software") and.related documentation, including any intellectual property rights in the.Software. You may not use, modify, sell, or otherwise distribute the Software.without a separate license agreement with Google. The Software is not open.source software...If you are interested in licensing the Software, please contact.www.widevine.com.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1550
                                                                                                                                                                                                    Entropy (8bit):5.9461543350675905
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:p/hFkmoyMTI1jglp6NjkakKwk+R2VJAz5s:RhMka5adwTYQz5s
                                                                                                                                                                                                    MD5:98B310FC33843D771DA0089FA155EDB2
                                                                                                                                                                                                    SHA1:5690A43F43673B947EB4C433CB4F5488A287E29C
                                                                                                                                                                                                    SHA-256:28F09A4AF935D2894689CC00658D597257422CAFF20A01055EFD8E78AD5E829F
                                                                                                                                                                                                    SHA-512:E76830974EA54C94E857179CA0DA893E088034367CA5C33E71C1016B788E737D65AB49AD9A9E6FEB85385B963AF5C13DB0A91E3F3072AC91600E91A1CEA0AB6F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[{"description":"treehash per file","signed_content":{"payload":"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","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"KnESAO6ts6E14P0aoVwC_yghkUn7_i9PCMh0NvK44eLJL04dv
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):19236784
                                                                                                                                                                                                    Entropy (8bit):7.70214269860876
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:393216:FPRzXYeXFyjsrZuvpYl5SJIhw7PJeP9TZHZMaMq0Vrq8P:DFyjs0pYl1hwDJeVT7erq8P
                                                                                                                                                                                                    MD5:9D76604A452D6FDAD3CDAD64DBDD68A1
                                                                                                                                                                                                    SHA1:DC7E98AD3CF8D7BE84F6B3074158B7196356675B
                                                                                                                                                                                                    SHA-256:EB98FA2CFE142976B33FC3E15CF38A391F079E01CF61A82577B15107A98DEA02
                                                                                                                                                                                                    SHA-512:EDD0C26C0B1323344EB89F315876E9DEB460817FC7C52FAEDADAD34732797DAD0D73906F63F832E7C877A37DB4B2907C071748EDFAD81EA4009685385E9E9137
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                    • Filename: Complete_with_DocuSign_49584.pdf, Detection: malicious
                                                                                                                                                                                                    • Filename: , Detection: malicious
                                                                                                                                                                                                    • Filename: DRL-272112.htm, Detection: malicious
                                                                                                                                                                                                    • Filename: View alert details #20GBQ4J.html, Detection: malicious
                                                                                                                                                                                                    • Filename: shelbycountytn.gov.pdf, Detection: malicious
                                                                                                                                                                                                    • Filename: EPAYMENT_Receipt.html, Detection: malicious
                                                                                                                                                                                                    • Filename: Capelleaandenijssel.nl_reff_9918205228_HelNc2Zf7n.html, Detection: malicious
                                                                                                                                                                                                    • Filename: , Detection: malicious
                                                                                                                                                                                                    • Filename: Inv_Doc_18#908.pdf, Detection: malicious
                                                                                                                                                                                                    • Filename: , Detection: malicious
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1427
                                                                                                                                                                                                    Entropy (8bit):7.572464059652219
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:38H/VZn47VBRxgCUQuODHBJeriJ8yojUdnkLvXWgl0oHLrUXAokYH/o8j/bmspTh:38HdurRxHSOlAiqYoXWVDXJ/o8zbmsFh
                                                                                                                                                                                                    MD5:A19EC48B4B28F3AA9C32150DCA8C0E39
                                                                                                                                                                                                    SHA1:02981E40B643C2A987D47BF58F42B7F3CA5AAF07
                                                                                                                                                                                                    SHA-256:D363751B0EE48517DA1B56C17FFCD78DD57F25B092B09879667DB10338077621
                                                                                                                                                                                                    SHA-512:718A24E1FB45AB0FD3DB5A5C45B0E0061D9061D8615E2A8D6DB2150BF72267E96774094A6FC07A250D5BBBC5133A1CB635D8F7ADC5B1751FA99327FCE9555941
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                    Entropy (8bit):3.9232676497295262
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:SQTWAEVtGbSHaqHGDTzoARPkBDF:SQyANeayyTzTP6
                                                                                                                                                                                                    MD5:5BFBCC6E7AA3E9C1570C5C73F38FA8EA
                                                                                                                                                                                                    SHA1:497BAFA5658C6CE8C8010D12F104EEBEC7A1BAE2
                                                                                                                                                                                                    SHA-256:84470096167EA43C0880B39FE44B42F552014E4F85B66805C2935C542BA3CB8E
                                                                                                                                                                                                    SHA-512:41BBED6CC317FF190189D63D6D5910D30E23A5160E5FF5F635FF408AAB13452DA8174556D7120DB176701435A3329A93A7450583404D56C34A37B67F1A332EDC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:1.567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1001
                                                                                                                                                                                                    Entropy (8bit):4.774546324439748
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ulaihI11X1TRuRckckH3WoA0UNqLQxUNqmTxyNq+TA:C1hYl1uRfckHkseDA
                                                                                                                                                                                                    MD5:2FF237ADBC218A4934A8B361BCD3428E
                                                                                                                                                                                                    SHA1:EFAD279269D9372DCF9C65B8527792E2E9E6CA7D
                                                                                                                                                                                                    SHA-256:25A702DD5389CC7B077C6B4E06C1FAD9BDEA74A9C37453388986D093C277D827
                                                                                                                                                                                                    SHA-512:BAFD91699019AB756ADF13633B825D9D9BAE374CA146E8C05ABC70C931D491D421268A6E6549A8D284782898BC6EB99E3017FBE3A98E09CD3DFECAD19F95E542
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{. "manifest_version": 2,. "update_url": "https://clients2.google.com/service/update2/crx",. "name": "WidevineCdm",. "description": "Widevine Content Decryption Module",. "version": "4.10.2830.0",. "minimum_chrome_version": "68.0.3430.0",. "x-cdm-module-versions": "4",. "x-cdm-interface-versions": "10",. "x-cdm-host-versions": "10",. "x-cdm-codecs": "vp8,vp09,avc1,av01",. "x-cdm-persistent-license-support": true,. "x-cdm-supported-encryption-schemes": [. "cenc",. "cbcs". ],. "icons": {. "16": "imgs/icon-128x128.png",. "128": "imgs/icon-128x128.png". },. "platforms": [. {. "os": "win",. "arch": "x64",. "sub_package_path": "_platform_specific/win_x64/". },. {. "os": "win",. "arch": "x86",. "sub_package_path": "_platform_specific/win_x86/". },. {. "os": "win",. "arch": "arm64",. "sub_package_path": "_platform_specific/win_arm64/". }. ],. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14507539
                                                                                                                                                                                                    Entropy (8bit):7.999857010958995
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:196608:xtNkRLBghAdmkjek3vps8oUarofQnLJJaTLj6llFwyrvQCGDZjaPRwFJs1:YLKhh6vpsZUaBJJaTfazrvQRDJIRwF21
                                                                                                                                                                                                    MD5:3DB950B4014A955D2142621AAEECD826
                                                                                                                                                                                                    SHA1:C2B728B05BC34B43D82379AC4CE6BDAE77D27C51
                                                                                                                                                                                                    SHA-256:567F5DF81EA0C9BDCFB7221F0EA091893150F8C16E3012E4F0314BA3D43F1632
                                                                                                                                                                                                    SHA-512:03105DCF804E4713B6ED7C281AD0343AC6D6EB2AED57A897C6A09515A8C7F3E06B344563E224365DC9159CFD8ED3EF665D6AEC18CC07AAAD66EED0DC4957DDE3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 18, database pages 39, 1st free page 13, free pages 24, cookie 0x8, schema 4, UTF-8, version-valid-for 18
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):81920
                                                                                                                                                                                                    Entropy (8bit):1.5749364057089108
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:scw2ALUAw2AuuMsHXzCFPo1AwlwALum4TfWyYOnW3LEQVc4mhxYvL:JAoMAbHXeiYXqyxnkEIaxYj
                                                                                                                                                                                                    MD5:E031C97C587586B176498FFCFA1736B0
                                                                                                                                                                                                    SHA1:CF76750D3F5F264CEAA1DAE104E0901CECBB35C5
                                                                                                                                                                                                    SHA-256:2562D003CF42EEA5AFE2FABCE4B1D1D0243A5398BA1A260A09B5783BD0103F89
                                                                                                                                                                                                    SHA-512:C0A54BF23B0F11111A86218175EF15F730B0176BA2E83B609D54003CA60E5DA76415912A17BB0D2E2DD9805374264F9A6686CA15435020E8434C31B9A79FAD4E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 21, database pages 54, 1st free page 10, free pages 14, cookie 0x50, schema 4, UTF-8, version-valid-for 21
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):229376
                                                                                                                                                                                                    Entropy (8bit):0.8702785449902919
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:u0ATqjAfepy42PWoo/oftTBBE3utC7UqrDvQoJMAa:rATq8feA42PWoo/oftTBBjuUVAa
                                                                                                                                                                                                    MD5:E782D8B6164B8CF64500A01B85E5FD38
                                                                                                                                                                                                    SHA1:C9D4CEAAE1A4FA6E8E74281520262B9ABCA02E18
                                                                                                                                                                                                    SHA-256:E42275C994991D8927C6FAAF7F38E394FFC080CAB5AE61136343DA5686C9B99F
                                                                                                                                                                                                    SHA-512:1C0D174F9CF3B0AC3331013C7E9E45B5646BECF11617E635E20370E4C9289D529CE922DF9719BC3354D0B78DD2AB990AC9DE81908E5D8F799386CF3936DE340A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):21704
                                                                                                                                                                                                    Entropy (8bit):7.897853167751344
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:j5n1OvL7fUIL6+KI0gPTsWIkOJxPD0H7O8NdkeVV8+J28eHmSjU7/K:bIUvZrxPG3/xPvJwHmS4G
                                                                                                                                                                                                    MD5:49EBF21265CEA7D320827C2AAA842ADC
                                                                                                                                                                                                    SHA1:D3BD0797A7F123942A998C787DC2F734D072D724
                                                                                                                                                                                                    SHA-256:6B2074461D56336AF0F3D5328F9890736D119E2C4026020F35D3CDA8675DC379
                                                                                                                                                                                                    SHA-512:F85D7CEFAEDF5BF40E7788EF891DBCC69FA6240A964A230225A81651C5B7AADB10CA9CAB191661DC9FB5BF30930E00094A224F1BC59387E66067CDB0AAE41FBD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                    Entropy (8bit):3.254162526001658
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:FkXzcrK4sGe:+zcxne
                                                                                                                                                                                                    MD5:1FFC8D842569A9307FC85E7587770C05
                                                                                                                                                                                                    SHA1:E4A8E698E8A20F3BC0AE027C7DE553C0691C66F4
                                                                                                                                                                                                    SHA-256:448E44A1487C1EFA839B3DE46C71EB52D6B163E01274A9F8482E056B3AC9E1CC
                                                                                                                                                                                                    SHA-512:3F0261C27609BF5C87B325F4C2D18060D74D85C747ABAD9A24E3D6403B724B760E1E0BEE94EC93402D4C3AA0720000DFC9F96012F46E9923F83B01D1E63465B1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:sdPC....................{...UN..Fe\.c{
                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1136
                                                                                                                                                                                                    Entropy (8bit):4.1921977425643595
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:bi4xPEMbMkb1s1DSVQrdYWoIU5MlWMwHbaAgI6:bi2PXMM3WQOW7b6I6
                                                                                                                                                                                                    MD5:06B23A72838324CD3FE96BBD0AC85E85
                                                                                                                                                                                                    SHA1:E899D06E2ACA60763DF630894CF110F261DF703F
                                                                                                                                                                                                    SHA-256:94FF414CB95B0FE70AB2047F592DE3742DBC1B2170B7A5D19BF5628F3306D664
                                                                                                                                                                                                    SHA-512:3208DFA4D080944D5BAEDD570200BFDF177A9B9AB97EDD97E36068D4E8D78D176C801D8EBBDDF38DC2E4AE9ADE1AED936B790638F8126C94A911718347D132A4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...@....................@...............p...................p...0...i.y.........NotificationHelperMetrics...........i.y..Yd.x.......A.......e............,..........=[L....................=[L................UMA.PersistentAllocator.NotificationHelperMetrics.UsedPct.......h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.8.......A...................V..>......m.&Y@..................m.&Y@................UMA.PersistentAllocator.NotificationHelperMetrics.Errors........ ...i.y.[".........................i.y..Yd.........A.............................(%.+g..................(%.+g................Notifications.NotificationHelper.ComServerModuleStatus..0...i.y.[".........................................i.y..Yd.0.......A....... ...2................%[:.....................%[:....................Notifications.NotificationHelper.ServerRuntime......i.y.["......................................................... ...)...4...B...T...
                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):1136
                                                                                                                                                                                                    Entropy (8bit):4.1921977425643595
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:bi4xPEMbMkb1s1DSVQrdYWoIU5MlWMwHbaAgI6:bi2PXMM3WQOW7b6I6
                                                                                                                                                                                                    MD5:06B23A72838324CD3FE96BBD0AC85E85
                                                                                                                                                                                                    SHA1:E899D06E2ACA60763DF630894CF110F261DF703F
                                                                                                                                                                                                    SHA-256:94FF414CB95B0FE70AB2047F592DE3742DBC1B2170B7A5D19BF5628F3306D664
                                                                                                                                                                                                    SHA-512:3208DFA4D080944D5BAEDD570200BFDF177A9B9AB97EDD97E36068D4E8D78D176C801D8EBBDDF38DC2E4AE9ADE1AED936B790638F8126C94A911718347D132A4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...@....................@...............p...................p...0...i.y.........NotificationHelperMetrics...........i.y..Yd.x.......A.......e............,..........=[L....................=[L................UMA.PersistentAllocator.NotificationHelperMetrics.UsedPct.......h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.8.......A...................V..>......m.&Y@..................m.&Y@................UMA.PersistentAllocator.NotificationHelperMetrics.Errors........ ...i.y.[".........................i.y..Yd.........A.............................(%.+g..................(%.+g................Notifications.NotificationHelper.ComServerModuleStatus..0...i.y.[".........................................i.y..Yd.0.......A....... ...2................%[:.....................%[:....................Notifications.NotificationHelper.ServerRuntime......i.y.["......................................................... ...)...4...B...T...
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):498
                                                                                                                                                                                                    Entropy (8bit):5.103913616294899
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:TMbhJpIO1mcROtW/yF0T8YA+it/0zsFE/TYEGs/4w:qhJ+CTRSnF1wlwFUY6
                                                                                                                                                                                                    MD5:90BE2701C8112BEBC6BD58A7DE19846E
                                                                                                                                                                                                    SHA1:A95BE407036982392E2E684FB9FF6602ECAD6F1E
                                                                                                                                                                                                    SHA-256:644FBCDC20086E16D57F31C5BAD98BE68D02B1C061938D2F5F91CBE88C871FBF
                                                                                                                                                                                                    SHA-512:D618B473B68B48D746C912AC5FC06C73B047BD35A44A6EFC7A859FE1162D68015CF69DA41A5DB504DCBC4928E360C095B32A3B7792FCC6A38072E1EBD12E7CBE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<?xml version="1.0" standalone="yes"?>..<!DOCTYPE document [..<!ELEMENT document (node*)>.. <!ATTLIST document WMSNameSpaceVersion CDATA "2.0">....<!ELEMENT node (node*)>.. <!ATTLIST node name CDATA #REQUIRED>.. <!ATTLIST node opcode ( create | remove | setval | clearval | rename | movebefore ) #REQUIRED>.. <!ATTLIST node secure ( true | false ) #IMPLIED>.. <!ATTLIST node type ( string | boolean | int32 | binary | int64 ) #IMPLIED>.. <!ATTLIST node value CDATA #IMPLIED>..]>..
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe
                                                                                                                                                                                                    File Type:exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10191
                                                                                                                                                                                                    Entropy (8bit):4.792342140217129
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:/YkZRAF6zyHUhm77yB1pZYCEnfHrHH7B6xTGH+YCLV3zwULJEYCJWyHBt3zwFRh+:/2FV0bBPCfUdY
                                                                                                                                                                                                    MD5:7050D5AE8ACFBE560FA11073FEF8185D
                                                                                                                                                                                                    SHA1:5BC38E77FF06785FE0AEC5A345C4CCD15752560E
                                                                                                                                                                                                    SHA-256:CB87767C4A384C24E4A0F88455F59101B1AE7B4FB8DE8A5ADB4136C5F7EE545B
                                                                                                                                                                                                    SHA-512:A7A295AC8921BB3DDE58D4BCDE9372ED59DEF61D4B7699057274960FA8C1D1A1DAFF834A93F7A0698E9E5C16DB43AF05E9FD2D6D7C9232F7D26FFCFF5FC5900B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<document WMSNameSpaceVersion="2.0">.... <node name="Control Protocol" opcode="create" >.. <node name="Object Store" opcode="create" >.. <node name="RTSP" opcode="create" >.. <node name="CLSID" opcode="create" type="string" value="{308786f0-8b15-11d2-b25f-006097d2e41e}" />.. <node name="Enabled" opcode="create" type="int32" value="0x1" />.. <node name="Properties" opcode="create" >.. <node name="Protocol" opcode="create" type="string" value="RTSP,RTSPA,RTSPT,RTSPU,RTSPM" />.. </node> Properties -->.... </node> RTSP -->.... <node name="Sessionless Multicast" opcode="create" >.. <node name="CLSID" opcode="create" type="string" value="{f9377800-f38d-11d2-b26c-006097d2e41e}" />.. <node name="Enabled" opcode="create" type="int32" value="0x1" />.. <node name="Properties" opcode="create" >.. <node name="Protocol" opcode="create" type="string" value="MCAST,RTP" />.. </node> Properties
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe
                                                                                                                                                                                                    File Type:exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10191
                                                                                                                                                                                                    Entropy (8bit):4.792342140217129
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:/YkZRAF6zyHUhm77yB1pZYCEnfHrHH7B6xTGH+YCLV3zwULJEYCJWyHBt3zwFRh+:/2FV0bBPCfUdY
                                                                                                                                                                                                    MD5:7050D5AE8ACFBE560FA11073FEF8185D
                                                                                                                                                                                                    SHA1:5BC38E77FF06785FE0AEC5A345C4CCD15752560E
                                                                                                                                                                                                    SHA-256:CB87767C4A384C24E4A0F88455F59101B1AE7B4FB8DE8A5ADB4136C5F7EE545B
                                                                                                                                                                                                    SHA-512:A7A295AC8921BB3DDE58D4BCDE9372ED59DEF61D4B7699057274960FA8C1D1A1DAFF834A93F7A0698E9E5C16DB43AF05E9FD2D6D7C9232F7D26FFCFF5FC5900B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<document WMSNameSpaceVersion="2.0">.... <node name="Control Protocol" opcode="create" >.. <node name="Object Store" opcode="create" >.. <node name="RTSP" opcode="create" >.. <node name="CLSID" opcode="create" type="string" value="{308786f0-8b15-11d2-b25f-006097d2e41e}" />.. <node name="Enabled" opcode="create" type="int32" value="0x1" />.. <node name="Properties" opcode="create" >.. <node name="Protocol" opcode="create" type="string" value="RTSP,RTSPA,RTSPT,RTSPU,RTSPM" />.. </node> Properties -->.... </node> RTSP -->.... <node name="Sessionless Multicast" opcode="create" >.. <node name="CLSID" opcode="create" type="string" value="{f9377800-f38d-11d2-b26c-006097d2e41e}" />.. <node name="Enabled" opcode="create" type="int32" value="0x1" />.. <node name="Properties" opcode="create" >.. <node name="Protocol" opcode="create" type="string" value="MCAST,RTP" />.. </node> Properties
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):53
                                                                                                                                                                                                    Entropy (8bit):4.66869469064966
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:sLRaE92JWyhHX9ovy4dduRun:sLzTyRXKvndI0
                                                                                                                                                                                                    MD5:A9B5DA9AEC61657B32393D96217165F0
                                                                                                                                                                                                    SHA1:80B5C577155ACD269B450D70F6B2CBED693EDF49
                                                                                                                                                                                                    SHA-256:9F4611369CF65B33D886489B2486FCA7B1E83E0DC998D35B15B3AA4C8478A28D
                                                                                                                                                                                                    SHA-512:0B73B232C03FFD5CE526A1EDE481A57C753D15D9EE39D4247ABFA52819B59FA676C63E30825DAF233E3139038C353DF84D652C4CE2CB71A706DDDBDFE0C70335
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<document WMSNameSpaceVersion="2.0">....</document>..
                                                                                                                                                                                                    Process:C:\Windows\explorer.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):102512
                                                                                                                                                                                                    Entropy (8bit):4.030361649242293
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:h0k0XzoNBCviYiciox+kGqi6GUnjWS+14o6ZMs:2k0XkBCviYiciox+kFiXS+1r6ZV
                                                                                                                                                                                                    MD5:345EAF752C0959FF4C4F26051D543F99
                                                                                                                                                                                                    SHA1:09F79E86082926413519BBF89CC47D054B62D8A7
                                                                                                                                                                                                    SHA-256:926C6084F3E0AC76AC2045818EE32747887E78AA53142F2AC0B7660C066BB6BC
                                                                                                                                                                                                    SHA-512:3615BB9A03D8B1D05D7F9F16878686103F1FE27865D4BCD61A740082A69C155A2CAA4BA535BFDB587A7DE0757D7B9C3DE544A5B687C57199125BF9000F1D4DD8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6291456
                                                                                                                                                                                                    Entropy (8bit):7.910470778178187
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:98304:pAfe+xVOk0iN27W7pVZNjrZGwfN0mAsxPqQemtI8ZB6vaEcA7cQ/jd8FSoCAd6cx:pKUk1N27WNJZGsNlo/wLZBAkKcmQv9sK
                                                                                                                                                                                                    MD5:2BB6E5158F6E6AC8E9CAA7502EF89B74
                                                                                                                                                                                                    SHA1:5F085C965977871233B075BD96E437C048F69930
                                                                                                                                                                                                    SHA-256:DB428A4D7CD3D819D48321B6B32ABF9B8967A5ADF6C5ED536E87DD687ED6F9D4
                                                                                                                                                                                                    SHA-512:4171EEC236A6C4318A712C3C7637F65C4B535C14D03AA75DCE5778019255E8F62231018E0E2699898FDB7D5303B6D1ECC9FC265406D122C06A2031EE62F4A701
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                                    File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):100079759
                                                                                                                                                                                                    Entropy (8bit):7.999997934250513
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1572864:9bUN53887BAKLIEzXXePZeNPLCY4mVNearlCnDLEW4eP/nYFeAvsrWFuuzr:Ji3TLIEdPHlrlCnDLIeXnYFe+Fzzr
                                                                                                                                                                                                    MD5:E6D53FAE5A6C9B9DC62EFA22DEF2006B
                                                                                                                                                                                                    SHA1:3649A90D31D0051553DC382DCFF41797A67FF6C1
                                                                                                                                                                                                    SHA-256:0393E0BF4C54F5764F6A2B277AB249F39045FC67C45CF85ED791813AC6907FDF
                                                                                                                                                                                                    SHA-512:F913D7C401CCBAF3F5209CAD61394E07F3BB88BD23A22F727CF1A2FF464CA027E375344C3CFAC11887CE7D2DBCA49C59B443F6785D62A97B220A9AD324FF62B5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 1587725 bytes, 1 file, at 0x2c "setup.exe", number 1, 101 datablocks, 0x1 compression
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1587725
                                                                                                                                                                                                    Entropy (8bit):7.998343002807147
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:49152:ccl9F4yZ3XJZqsxyUL88oeq+YCDmaZNX36Rzhw1:cIF423XrTx18CoCDXNXKRzY
                                                                                                                                                                                                    MD5:EE6F5AAC33DE8F92C84C9D035F053311
                                                                                                                                                                                                    SHA1:23257343B3E3BFE7F357AB093097827984F2B701
                                                                                                                                                                                                    SHA-256:0B1EB241A5A393025E41967235A311B3B8ED831ADDDBBF82ED8FE0032184887B
                                                                                                                                                                                                    SHA-512:DE4ADC006815BAF7FAF8B45EF92F3211DC09A7607EFBC674FB8EAC3C873E470343F9334390B2F0BD60EFCFF5379F87AFAEA89AA8F3086A691C391335A05AA7E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3292232
                                                                                                                                                                                                    Entropy (8bit):6.529197209303347
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:49152:BYqePk0N6MBSqKZvWsYt2MPfEqKbZorwrDUI1oZsr7hLe:VNZvA2FqK6U35p
                                                                                                                                                                                                    MD5:105A51C7DEF4390A6D9F8BD0E76178DD
                                                                                                                                                                                                    SHA1:BC09B0B9D5DE53D4F2E42DD798A383B54CB0E354
                                                                                                                                                                                                    SHA-256:9A07E0DA549EA9EA95BBB94FE1353A5EFB61A8B0F1139BB086DA8B3A3CE7489B
                                                                                                                                                                                                    SHA-512:E68DBBE07557189D8EFBB74DDD9A26E31C63FB89E46378B288FD8859BA4ADEDA0732344F3703C0E9796AD585E1D338FCFF5E1364622F8F34A89DA5BDF9252C14
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):102822472
                                                                                                                                                                                                    Entropy (8bit):7.999237967469991
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1572864:uHbUN53887BAKLIEzXXePZeNPLCY4mVNearlCnDLEW4eP/nYFeAvsrWFuuz:u7i3TLIEdPHlrlCnDLIeXnYFe+Fzz
                                                                                                                                                                                                    MD5:1C893E34134BB81B487D00F5282BEB89
                                                                                                                                                                                                    SHA1:9A7DD899B66356E943D006C5FA5482A1B04118D8
                                                                                                                                                                                                    SHA-256:9FAB8C9680857B501359174E1A2DF878D5B99B5860CD768FC2741903CC9987CD
                                                                                                                                                                                                    SHA-512:52B404EF47124340229260D90A174A79CCBC590598437A59E04EB3E96618AEF6BE9E7EFC67EA90B82BA6A1993C733E936528DA62244B029195C598D7CBA6A689
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):100703296
                                                                                                                                                                                                    Entropy (8bit):7.998806588704543
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3145728:aREjTMHZjZNczkRK7hAim9AuIaDCXRqM1jj3tlShnir+C62:nMHZjaR7hAd9A5aDCXRd1jjjShE+Cp
                                                                                                                                                                                                    MD5:6E916C44A4B1DA39536EE07F1B4B234B
                                                                                                                                                                                                    SHA1:39A919C4B952CC969082AD98157C08516886A53A
                                                                                                                                                                                                    SHA-256:FC619F667519CBBC2A1950841B1E366305D03E2B3B46FF1069FBE0BECB382A0B
                                                                                                                                                                                                    SHA-512:31520539A337D30A6F5A13ABFD5F366508F118F3867E6D0A45C2F375C1BEE2FAC3A81DDD7C7AE30765D03B3F8E7E434B3DF3F36382AF936F0E02D945CB4CD939
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):168
                                                                                                                                                                                                    Entropy (8bit):4.302870542554952
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YEF2P773H8ILPemRpLHk/+1dIX/OcKHsMo6QEGP5xGRKWkA/HHY:YExkfLHk/+XSKH87pxGRKiHY
                                                                                                                                                                                                    MD5:4737FB6C988A593F1D6EFF82274E8B34
                                                                                                                                                                                                    SHA1:F54BA40034F68D6300809F13F6F601CF4B729C7A
                                                                                                                                                                                                    SHA-256:966B11638F5C06DE47C23A9AB6CDC804A82C12556EB29D315AEFD95BB5875D9B
                                                                                                                                                                                                    SHA-512:0813E19DB8AC98BD8FEB4AA3536BB55BF374B06DF18A22BDDB4D3FE238F27079972755E96FD052CD5EE1B14A5A9B31664433F00FABDF10AE8F673A4B3673F5B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"ai":"0","bb_mode":"0","cid":"","db_mode":"1","fhkey":"","iid":"d1b005fc-9638-4680-912d-46fbd5b0c6ec","p_index":"2","uac":"","uac_attempt":"","uac_last":"","wciid":""}
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:Generic INItialization configuration [OneStart]
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1018
                                                                                                                                                                                                    Entropy (8bit):5.339066121307136
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:1VWj0cTPYJimQZ6ETdgN2WrhVngNJh6/NA:OQcTQJdQZ62dgOJh61A
                                                                                                                                                                                                    MD5:B9385DFD7D70750BD5980EB584CCD432
                                                                                                                                                                                                    SHA1:E06F0D2CED19B6CA05D77199D46C578AA7E388A7
                                                                                                                                                                                                    SHA-256:349E960D72012A89A6A7C332B5DBC43A6556522C2C35720A521F1778EAB7011D
                                                                                                                                                                                                    SHA-512:5C5D4177A618E551AD7F41124C52929F1FB036094BBB30E4C347E7EE756126D54AC7881D3C4884F6E0A9CD29E0F9A773425F5B0054B764C498C3D2BF39296CD6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:;aiu;......[Update]...Name = OneStart Software...ProductVersion = 10.116.180.0...URL = https://d1cvahyfkfdxyq.cloudfront.net/OneStartSetup-v10.116.180.0.msi...URL1 = https://atlasox.s3.amazonaws.com/bb/OneStartSetup-v10.116.180.0.msi...Size = 90251776...MD5 = a6bcc328c50138792caf8c546081b750...CommandLine = /qn...ServerFileName = OneStartSetup-v10.116.180.0.msi...Flags = SilentInstall...RegistryKey = HKCU\SOFTWARE\OneStart.ai\OneStart Software\Version...Version = 10.116.180.0...UpdatedApplications = OneStart Software(1.0-1.1.102.18136]......[OneStart]...Name = OneStart...ProductVersion = 128.0.6613.125...URL = https://resources.onestart.ai/onestart_installer_128.0.6613.125.exe...Size = 100703296...MD5 = 6e916c44a4b1da39536ee07f1b4b234b...CommandLine = /qn...ServerFileName = onestart_installer_128.0.6613.125.exe...Flags = SilentInstall...RegistryKey = HKUD\Software\OneStart.ai\OneStart Software\Version...Version = 128.0.6613.125...UpdatedApplications = OneStart[125.0.6422.142];OneStart[
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353549721
                                                                                                                                                                                                    Entropy (8bit):6.919691474732482
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3145728:k1y5yMm8gxbeOu0EJIrH9RP7qDB1D0ew8d0:kAIegpewq/u
                                                                                                                                                                                                    MD5:AB2A5B86047970BD7BB85579702D6B96
                                                                                                                                                                                                    SHA1:4580AF7B2E5946B51C7608DE16834854C047EAD5
                                                                                                                                                                                                    SHA-256:F1B8299E7C445780009568E552FBECA0A1C1706C1B55AFDAF3CE00CA79976E67
                                                                                                                                                                                                    SHA-512:356276EE6E215D9E8DC6C972F57F00CFECCE9797F99869DDFC8B10662D1C24EEBC5458E660CA1E8153C419EE8A746058721BD5DAA72DA635690D9DAA87401328
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:7z..'....{.fS.......&.........0.<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='126.0.6478.128'.. version='126.0.6478.128'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...7.Nf.........." .....H..........@................................................<....`A..........................................:.....(.:...... .......0n...\..n..H(...@...... .,.8...................0.,.(.......@...........h.;.....@.:......................text....G.......H.................. ..`.rdata.......`.......N..............@..@.data........`?......D?.............@....pdata....\..0n...]...K.............@..@.gxfg....C...0...D..................@..@.retplne.............D...................rodata..............F.............. ..`.tls.................X..............@...CPADinfo8............h..............
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2042
                                                                                                                                                                                                    Entropy (8bit):5.037053340322376
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:723258895E4D05BF4D6F2B2D37B05E3B
                                                                                                                                                                                                    SHA1:02674C5F51B84239311E805041307127B7E30BF1
                                                                                                                                                                                                    SHA-256:E11B2C52F81636635B1479A623736A1CC1E8BD1C0F198740873D74D039EB65F1
                                                                                                                                                                                                    SHA-512:37887C867722D981D6DEB22A7E655250DF199BCEB660B8B752B570678C6AA13143BFD58AE915629BC7A6D49CF257A0F3BEF54AE925F6F0EDA75B83132AEA923D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{.. "DashboardFirstRun": true,.. "DefaultBrowser": "",.. "AppLaunch": 1,.. "SentBrowserEvent": false,.. "Query": 0,.. "TimeOfLastQuery": "0001-01-01T00:00:00+00:00",.. "ActiveDaysSinceLastQueryPrompt": 0,.. "TotalActiveDays": 0,.. "ShowApps": true,.. "IsCelsius": false,.. "SearchBarAlignment": "Center",.. "ShowWeather": true,.. "ShowSnippingTool": true,.. "ShowPrint": false,.. "ShowClipboard": true,.. "ShowMediaControl": true,.. "IsMediaControlSupported": true,.. "ShowRecycleBin": true,.. "ShowBrowser": true,.. "ShowScreenRecorder": true,.. "ShowMsStore": true,.. "ShowAiBrowser": true,.. "ShowWindowCount": 4,.. "PrevWindowCount": 4,.. "PrevAppsCount": 4,.. "TimeZone": null,.. "NewsCategory": null,.. "CurrentWallpaperKey": "",.. "CurrentWallpaperUrl": "",.. "InstalledApps": [],.. "PrePinnedApps": [],.. "InstalledAppsUrls": {},.. "LabeledApps": {},.. "BlockListsUpdated": 0,.. "SearchFeed": "Google",.. "ReviewGiven": false,.. "RunInBackground": false,.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):520
                                                                                                                                                                                                    Entropy (8bit):3.761109325737151
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D7BDECBDDAC6262E516E22A4D6F24F0B
                                                                                                                                                                                                    SHA1:1A633EE43641FA78FBE959D13FA18654FD4A90BE
                                                                                                                                                                                                    SHA-256:DB3BE7C6D81B2387C39B32D15C096173022CCCEE1015571DD3E09F2A69B508A9
                                                                                                                                                                                                    SHA-512:1E72DB18DE776FE264DB3052CE9A842C9766A720A9119FC6605F795C36D4C7BF8F77680C5564F36E591368CCD354104A7412F267C4157F04C4926BCE51AEEAA1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:...@....................@...................X...............`... ...i.y.........SetupMetrics........i.y..Yd.X.......A.......e............,.........C*.3...................C*.3................UMA.PersistentAllocator.SetupMetrics.UsedPct....h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.0.......A...................V..>.....T.A.^.#.................T.A.^.#................UMA.PersistentAllocator.SetupMetrics.Errors..... ...i.y.[".....................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):520
                                                                                                                                                                                                    Entropy (8bit):3.761109325737151
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D7BDECBDDAC6262E516E22A4D6F24F0B
                                                                                                                                                                                                    SHA1:1A633EE43641FA78FBE959D13FA18654FD4A90BE
                                                                                                                                                                                                    SHA-256:DB3BE7C6D81B2387C39B32D15C096173022CCCEE1015571DD3E09F2A69B508A9
                                                                                                                                                                                                    SHA-512:1E72DB18DE776FE264DB3052CE9A842C9766A720A9119FC6605F795C36D4C7BF8F77680C5564F36E591368CCD354104A7412F267C4157F04C4926BCE51AEEAA1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:...@....................@...................X...............`... ...i.y.........SetupMetrics........i.y..Yd.X.......A.......e............,.........C*.3...................C*.3................UMA.PersistentAllocator.SetupMetrics.UsedPct....h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.0.......A...................V..>.....T.A.^.#.................T.A.^.#................UMA.PersistentAllocator.SetupMetrics.Errors..... ...i.y.[".....................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3292232
                                                                                                                                                                                                    Entropy (8bit):6.529197209303347
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:105A51C7DEF4390A6D9F8BD0E76178DD
                                                                                                                                                                                                    SHA1:BC09B0B9D5DE53D4F2E42DD798A383B54CB0E354
                                                                                                                                                                                                    SHA-256:9A07E0DA549EA9EA95BBB94FE1353A5EFB61A8B0F1139BB086DA8B3A3CE7489B
                                                                                                                                                                                                    SHA-512:E68DBBE07557189D8EFBB74DDD9A26E31C63FB89E46378B288FD8859BA4ADEDA0732344F3703C0E9796AD585E1D338FCFF5E1364622F8F34A89DA5BDF9252C14
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):396
                                                                                                                                                                                                    Entropy (8bit):4.662804531671955
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:FBF9A717CA4FCA4EE3484010B0E18281
                                                                                                                                                                                                    SHA1:8D522BDC635CD9EC165E4CA7D89E04F80D02DA0C
                                                                                                                                                                                                    SHA-256:60A80B15E8FCDA316C795321C4D80F494C926095CF52A7BF3BDD54F85513062E
                                                                                                                                                                                                    SHA-512:FDECF3F904C13EDFDC5C9456055D5146E5A6E288BA8BE9FBA0F20E2A4D0A37EBCC331A8F990AA81CC16EA608729B918B1F8327AC5C8A95423B5FD4B6092688A3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"distribution":{"import_bookmarks":"true","import_history":"true","verbose_logging":"true","log_file":"onestartsetup.log"},"first_run_tabs":["https://pdf.onestart.ai/en/pdfeditor"],"session":{"restore_on_startup":1},"browser":{"window_placement":{"bottom":1030,"left":10,"maximized":true,"right":955,"top":10,"work_area_bottom":1040,"work_area_left":0,"work_area_right":1920,"work_area_top":0}}}
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):228
                                                                                                                                                                                                    Entropy (8bit):4.952191968532408
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:76840865DE64427B9D82976F4311A931
                                                                                                                                                                                                    SHA1:52781325C30C288F238CF83C25A05B58A4E0657A
                                                                                                                                                                                                    SHA-256:8D9636C4C45572CF62C6DD965A958BE6CC3E7E460CABA4A73233AC3693FE05CD
                                                                                                                                                                                                    SHA-512:EE029C6FF3F417A38CBAF2560EAEE594B2982CE0983CE67610516D66929E96EAF7DA2D71EB618486581AC11747B136683E91451C20589CEA7C3BB06897F6F809
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='126.0.6478.128'.. version='126.0.6478.128'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):230987336
                                                                                                                                                                                                    Entropy (8bit):6.7137492805416485
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:2FB771A9EE02933EFC0E6B4D8EB87F12
                                                                                                                                                                                                    SHA1:B804A513200CBC66300FB2A3100A30F606A8D620
                                                                                                                                                                                                    SHA-256:85158DEC118705D93ABAB2DCD835D0EFC63D4394A50EB86D2447E70042FE00B2
                                                                                                                                                                                                    SHA-512:3BFF9DEF8C5BD0B35B65F81EF879B4D94A67548151DEE943E158F69719B8F21692685E3F8483EA1A7AD5832FEA3767B3ACC6734F12F4CB6404DEFF3EFEB4AAA1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):353549721
                                                                                                                                                                                                    Entropy (8bit):6.919691474732482
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:AB2A5B86047970BD7BB85579702D6B96
                                                                                                                                                                                                    SHA1:4580AF7B2E5946B51C7608DE16834854C047EAD5
                                                                                                                                                                                                    SHA-256:F1B8299E7C445780009568E552FBECA0A1C1706C1B55AFDAF3CE00CA79976E67
                                                                                                                                                                                                    SHA-512:356276EE6E215D9E8DC6C972F57F00CFECCE9797F99869DDFC8B10662D1C24EEBC5458E660CA1E8153C419EE8A746058721BD5DAA72DA635690D9DAA87401328
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                                                    SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                                                    SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                                                    SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:15
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3454
                                                                                                                                                                                                    Entropy (8bit):5.397487163032197
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:3A7036D87B1DF61619F656E828E7A79B
                                                                                                                                                                                                    SHA1:161A421DDFEAB700CB928B0772A977715261F468
                                                                                                                                                                                                    SHA-256:0610A34F8A1653CF6B9AD77346FBE534F88B29A14C2BEF7914BD297215CCD07B
                                                                                                                                                                                                    SHA-512:8BCCA94A6AA2F18BCB17B96461264DF5B72A9B43D9FFC4F0C7F437E58EDDBE59E2A667DD1C3ED0C64433F4E72B8EA5F02D7FDBB9DF2CBB8091ECABF5085D0E3E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"background_mode":{"enabled":true},"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"breadcrumbs":{"enabled":false,"enabled_time":"13375832613371648"},"browser":{"first_run_finished":true},"check_updates_on_startup":{"enabled":true},"hardware_acceleration_mode_previous":true,"keep_app_up_to_date":{"enabled":true},"launch_browser_on_startup":{"enabled":true},"launch_browser_on_wake":{"enabled":true},"launch_dock_on_startup":{"enabled":true},"legacy":{"profile":{"name":{"migrated":true}}},"local":{"password_hash_data_list":[]},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"optimization_guide":{"model_store_metadata":{}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA6vxecm76BQJWKOsxqFV2AEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAEAACAAAACGT/IPUVT3uDSRlwTlCYPZMNHOwbXY17bEdaK9jW+tXgAAAAAOgAAAAAIAACAAAAAtk1ITrL6jOoBsDm5DD7/BF+TKKpB5SYzxYdGihL9LTjAAAABLcEUtWUKqcj5DsMzj/kdNp7rCV2Cnald9rrW2t0CKAxS
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):847
                                                                                                                                                                                                    Entropy (8bit):5.697187066173804
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:B80C39824CB09C3837A000F734B6C1E2
                                                                                                                                                                                                    SHA1:A38D654BBEF2B412E001AB98C4E7C87E73C43267
                                                                                                                                                                                                    SHA-256:6BD7920879BBCE4C9ED655539BBF9C8696B8463711954DBF35013EEE8D44504D
                                                                                                                                                                                                    SHA-512:A277F52053D8DE062079E200F523B688ED3B16CDAE77D2606B6F196696DF85D72EFDFCC0EA9444ABE94240BD1CB946B5FBB5CA1337322B5E62E614819B018BFF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA6vxecm76BQJWKOsxqFV2AEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAEAACAAAACGT/IPUVT3uDSRlwTlCYPZMNHOwbXY17bEdaK9jW+tXgAAAAAOgAAAAAIAACAAAAAtk1ITrL6jOoBsDm5DD7/BF+TKKpB5SYzxYdGihL9LTjAAAABLcEUtWUKqcj5DsMzj/kdNp7rCV2Cnald9rrW2t0CKAxSH156941wGAiR1MYn5BcJAAAAAn7P2dArObGUwSCVXOFMYWCzdILsPH4nRgnNA4h2AuZfjysFIbowFQzSgPbVPgn7WL45OT/0I0iP3rCWVCH605w=="},"uninstall_metrics":{"installation_date2":"1731359012"},"user_experience_metrics":{"limited_entropy_randomization_source":"7CC9B44F753248B8A0AB92E136524DF1","low_entropy_source3":5184,"pseudo_low_entropy_source":6392,"stability":{"browser_last_live_timestamp":"13375832612703205"}},"variations_limited_entropy_synthetic_trial_seed_v2":"24"}
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1157
                                                                                                                                                                                                    Entropy (8bit):5.659599866848168
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:E5A4ABDB880508E28BED66986A00FA69
                                                                                                                                                                                                    SHA1:62206CB7A2D7D1F2B53B1BB2000FA08C482D1ED8
                                                                                                                                                                                                    SHA-256:8E11D48F9542ADCD8C3F8826E55EDCDF7D5096C15E8C1C7C922EFF7FCD2EC3E6
                                                                                                                                                                                                    SHA-512:6645D270A498F7EC67D1998CB3C8BC43C6A503BE06249B25F1235FEB13A72B033E88073C077A7B9B74F04C36E673B1A11015CCB9558EAAE6B8164A9FC92C9BE7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA6vxecm76BQJWKOsxqFV2AEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAEAACAAAACGT/IPUVT3uDSRlwTlCYPZMNHOwbXY17bEdaK9jW+tXgAAAAAOgAAAAAIAACAAAAAtk1ITrL6jOoBsDm5DD7/BF+TKKpB5SYzxYdGihL9LTjAAAABLcEUtWUKqcj5DsMzj/kdNp7rCV2Cnald9rrW2t0CKAxSH156941wGAiR1MYn5BcJAAAAAn7P2dArObGUwSCVXOFMYWCzdILsPH4nRgnNA4h2AuZfjysFIbowFQzSgPbVPgn7WL45OT/0I0iP3rCWVCH605w=="},"privacy_budget":{"meta_experiment_activation_salt":0.9072513814222138},"profile":{"info_cache":{},"profile_counts_reported":"13375832612926875","profiles_order":[]},"uninstall_metrics":{"installation_date2":"1731359012"},"user_experience_metrics":{"limited_entropy_randomization_source":"7CC9B44F753248B8A0AB92E136524DF1","low_entropy_source3":5184,"pseudo_low_entropy_source":6392,"stability":{"browser_last_live_timestamp":"13375832612703205"
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 128.000000, slope 72143410128827480801280.000000
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                    Entropy (8bit):0.5436225846697696
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D771B24476810ED02AFEDA6E61660E6B
                                                                                                                                                                                                    SHA1:F04D23E709537718049024A920B0B525CD6A3A69
                                                                                                                                                                                                    SHA-256:F44512B98B23F6AE39DC89FD607827425B9950516FA3F7DC5BFA4139B8B2D353
                                                                                                                                                                                                    SHA-512:464DAF80E0CCCB69600264C043DCC0AF8AA8F075105FCB37DA7B97151576AFD8900F55CA438FDFAE619F6E70EE2447F37C4C274CFB20CC4CE2C8B9AD497091C1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:...@..@...@.....C.].....@...................p...............`... ...i.y.........BrowserMetrics......i.y..Yd.........A.......d...2......._.z.....Gy.7....................Gy.7....................UMA.PersistentAllocator.EarlyHistograms.BrowserMetrics......i.y.["......................................................................................................................... ..."...$...&...(...*...-...0...3...6...9...<...@...D...H...L...P...U...Z..._...d...............i.y..Yd........A...............`...v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.3...............126.0.6478.128-64-devel".en-US*...Windows NT..10.0.1904224..x86_64..|........".To Be Filled By O.E.M....x86_64J..m#:^...YP....(...............1..Y........<..8...(...SyntheticOptimizationGuideRemoteFetching....Disabled.<..8...$...Segmentation_ChromeLowUserEngagement....Unselected...0..,.......Segmentation
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                    Entropy (8bit):0.006074957759105921
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:F21C12F1F6485227DEC6F98A7F6A2DB1
                                                                                                                                                                                                    SHA1:4E23D45FFA53741E1C2A5A9202714349806A828A
                                                                                                                                                                                                    SHA-256:66DBFFDF54240971C86C9AB8B3D6555E193CB8FE5D5D75869D809D79AD78B210
                                                                                                                                                                                                    SHA-512:FA8E29702E5D822771D059CBA3DC7C99149C79A6FFBC8091F620504B9AB3680F722F0FC2FE0B912F44A116C9DEBE1549F105794B82D20824EA3CC9A0829C489B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:...@..@...@.....C.].....@...............`...................`... ...i.y.........BrowserMetrics......i.y..Yd.........A.......d...2......._.z.....Gy.7....................Gy.7....................UMA.PersistentAllocator.EarlyHistograms.BrowserMetrics......i.y.["......................................................................................................................... ..."...$...&...(...*...-...0...3...6...9...<...@...D...H...L...P...U...Z..._...d...............i.y..Yd........A...............`...v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.3....................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                    Entropy (8bit):3.1109640474436797
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:04313F9802D2E59FEB37490BE3FB8637
                                                                                                                                                                                                    SHA1:FFFB09F2150FE2A6005000F15A376DD6B3165071
                                                                                                                                                                                                    SHA-256:3D50F9EE611769F11AECA1592A9B8444AB8E5A91731A9B87A6A9503DDF867AEB
                                                                                                                                                                                                    SHA-512:FF84425C6236A9197EDA9FB7B59CE0D05148BCADDDA509F19F3F9BE2CB3FF309CD4EFE7FAEB72AAD21DF8A24395150377F7332D7A585B6C5BD29DFFF74B34B06
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:sdPC.......................rJ..F.X....du
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):167109
                                                                                                                                                                                                    Entropy (8bit):5.081780452241832
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                                    SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                                    SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                                    SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38
                                                                                                                                                                                                    Entropy (8bit):4.023471592049354
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:3433CCF3E03FC35B634CD0627833B0AD
                                                                                                                                                                                                    SHA1:789A43382E88905D6EB739ADA3A8BA8C479EDE02
                                                                                                                                                                                                    SHA-256:F7D5893372EDAA08377CB270A99842A9C758B447B7B57C52A7B1158C0C202E6D
                                                                                                                                                                                                    SHA-512:21A29F0EF89FEC310701DCAD191EA4AB670EDC0FC161496F7542F707B5B9CE619EB8B709A52073052B0F705D657E03A45BE7560C80909E92AE7D5939CE688E9C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:..... 2a68348c2ca0c50ad315d43d90f5a986
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):167109
                                                                                                                                                                                                    Entropy (8bit):5.081780452241832
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                                    SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                                    SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                                    SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):414
                                                                                                                                                                                                    Entropy (8bit):5.049097608900595
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D73BD6A5FD86A36A222AD080D2E32070
                                                                                                                                                                                                    SHA1:3EF68F80286500A7687EB37069D604F3F91F26A6
                                                                                                                                                                                                    SHA-256:D1BC544739031A7654ACDC3A46BB449F09517E1559BC5E79A589B8AB65BEA3BD
                                                                                                                                                                                                    SHA-512:981D115D1202918475A443C7A1B031CB8DBD600254A64012710A7AF5F8DC8F771382597A7487CB7AAF50E30816D29FB0ACC6119B9ADB59AFAE08BD06632AC233
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{.. "epochs": [ {.. "calculation_time": "13375832626318392",.. "config_version": 0,.. "model_version": "0",.. "padded_top_topics_start_index": 0,.. "taxonomy_version": 0,.. "top_topics_and_observing_domains": [ ].. } ],.. "hex_encoded_hmac_key": "550B8B1A29EE0A73EA24ABED74BFDA986B5375735147FA23415F004520AA971A",.. "next_scheduled_calculation_time": "13376437426318467"..}..
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1475
                                                                                                                                                                                                    Entropy (8bit):4.374956480211034
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:8BA1394328168C2A4F2AEA7E2FC6C12C
                                                                                                                                                                                                    SHA1:B7EEB39D0B951FAFF8CB28A65FE5B314FC530A7A
                                                                                                                                                                                                    SHA-256:74ADEECA8B1C5A021FE145AC770FFD301FA2A297723B2A29EF61331688859B91
                                                                                                                                                                                                    SHA-512:6766FEDAA00E55F7098412C02D02D824B0E1ACAADC4795D57D659E64D6775A615D1C36DCD4B5BD82ABDE9178189542C23A1F3EC7C79BE7AD800D46939CA70167
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{.. "checksum": "58189afdb91c21bfbd47c540dc1353c0",.. "roots": {.. "bookmark_bar": {.. "children": [ ],.. "date_added": "13375832614004662",.. "date_last_used": "0",.. "date_modified": "0",.. "guid": "0bc5d13f-2cba-5d74-951f-3f233fe6c908",.. "id": "1",.. "name": "Bookmarks bar",.. "type": "folder".. },.. "other": {.. "children": [ {.. "date_added": "13375832614040806",.. "date_last_used": "0",.. "guid": "fb5f4b53-14a3-4310-b7c9-5c8220b061a6",.. "id": "5",.. "meta_info": {.. "power_bookmark_meta": "".. },.. "name": "New Tab Search",.. "type": "url",.. "url": "https://onestart.ai/chr/newtab?iid=d1b005fc-9638-4680-912d-46fbd5b0c6ec".. } ],.. "date_added": "13375832614004681",.. "date_last_used": "0",.. "date_modified": "13375832614040806",.. "guid"
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 5, database pages 13, cookie 0x8, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):53248
                                                                                                                                                                                                    Entropy (8bit):0.3988860319126424
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:3A5A1B5681601D04C79F16F740244039
                                                                                                                                                                                                    SHA1:C7C2F00345AD16077DFA5908C2D00A37025DEE30
                                                                                                                                                                                                    SHA-256:5B038CEF519B60BB378CEAAD1EA0A101BE111C74613CBA63FC7F76625B4F72C7
                                                                                                                                                                                                    SHA-512:E8CCB322E60FC7107482D809B0D2CBC81BF76517A2B55FC0B690AB57DA0177B88D7481B7645A200D085AF255BBD469A44289965F06C9D90A4EEC20EE8FA6AFBE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1475
                                                                                                                                                                                                    Entropy (8bit):4.374956480211034
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:8BA1394328168C2A4F2AEA7E2FC6C12C
                                                                                                                                                                                                    SHA1:B7EEB39D0B951FAFF8CB28A65FE5B314FC530A7A
                                                                                                                                                                                                    SHA-256:74ADEECA8B1C5A021FE145AC770FFD301FA2A297723B2A29EF61331688859B91
                                                                                                                                                                                                    SHA-512:6766FEDAA00E55F7098412C02D02D824B0E1ACAADC4795D57D659E64D6775A615D1C36DCD4B5BD82ABDE9178189542C23A1F3EC7C79BE7AD800D46939CA70167
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{.. "checksum": "58189afdb91c21bfbd47c540dc1353c0",.. "roots": {.. "bookmark_bar": {.. "children": [ ],.. "date_added": "13375832614004662",.. "date_last_used": "0",.. "date_modified": "0",.. "guid": "0bc5d13f-2cba-5d74-951f-3f233fe6c908",.. "id": "1",.. "name": "Bookmarks bar",.. "type": "folder".. },.. "other": {.. "children": [ {.. "date_added": "13375832614040806",.. "date_last_used": "0",.. "guid": "fb5f4b53-14a3-4310-b7c9-5c8220b061a6",.. "id": "5",.. "meta_info": {.. "power_bookmark_meta": "".. },.. "name": "New Tab Search",.. "type": "url",.. "url": "https://onestart.ai/chr/newtab?iid=d1b005fc-9638-4680-912d-46fbd5b0c6ec".. } ],.. "date_added": "13375832614004681",.. "date_last_used": "0",.. "date_modified": "13375832614040806",.. "guid"
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                                    Entropy (8bit):0.43785293753385396
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:8C1AC221F2F20F7E7FB1B0D1E7FEFAE9
                                                                                                                                                                                                    SHA1:4AD093D4810C55A1620E86DA1452351DB5671452
                                                                                                                                                                                                    SHA-256:86B9EEC2F03317F300171428B5052450D80A6C79E92F538A7593E4FDE8EA48CF
                                                                                                                                                                                                    SHA-512:460D4662FD979837EB6371A0A627523C4A60360D48366B90A71C3CBF5DAEE826CC7A6EF6FFF27C493DD92DBA6E88FC3E1A8FC64E0ACD5EF4FF4404ACCAF66754
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):414
                                                                                                                                                                                                    Entropy (8bit):5.049097608900595
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D73BD6A5FD86A36A222AD080D2E32070
                                                                                                                                                                                                    SHA1:3EF68F80286500A7687EB37069D604F3F91F26A6
                                                                                                                                                                                                    SHA-256:D1BC544739031A7654ACDC3A46BB449F09517E1559BC5E79A589B8AB65BEA3BD
                                                                                                                                                                                                    SHA-512:981D115D1202918475A443C7A1B031CB8DBD600254A64012710A7AF5F8DC8F771382597A7487CB7AAF50E30816D29FB0ACC6119B9ADB59AFAE08BD06632AC233
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{.. "epochs": [ {.. "calculation_time": "13375832626318392",.. "config_version": 0,.. "model_version": "0",.. "padded_top_topics_start_index": 0,.. "taxonomy_version": 0,.. "top_topics_and_observing_domains": [ ].. } ],.. "hex_encoded_hmac_key": "550B8B1A29EE0A73EA24ABED74BFDA986B5375735147FA23415F004520AA971A",.. "next_scheduled_calculation_time": "13376437426318467"..}..
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):45056
                                                                                                                                                                                                    Entropy (8bit):0.41928959653132586
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:EA56103375A08993C424251CC5D3B9C1
                                                                                                                                                                                                    SHA1:94874BBDEE0AEE98F80733376747AA6BF03469BD
                                                                                                                                                                                                    SHA-256:FB85A42C95A9EF76E4D1867B073954C9D14CF7D0F04736A922C5D835FC5AFF81
                                                                                                                                                                                                    SHA-512:D24F5177DA908507D3B4D03FCE33EB6BB204DF6B261FEC290AD6A73675A1615209AB6E4886A57648B35B2DF09CE7BC9437CC4E453EAF632847B328A72CE43E10
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):0.8553966170931362
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:7A18342978A9808B83DEAB1ADE3CD664
                                                                                                                                                                                                    SHA1:C479E08DA7F776372D43753508A8C76374D80B61
                                                                                                                                                                                                    SHA-256:3AB6F1A1616F95618591E35EFFA515BCD4A65EC58E772B218AEF2223186028B0
                                                                                                                                                                                                    SHA-512:B031E64841BCAEA56757E3FB9D4ADEE57DAC69D087FA86492D6AE096FF6F999D4681B7098A543F5F33211785F03DED410D64762685CC9B69393CECD18AF158E9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1056768
                                                                                                                                                                                                    Entropy (8bit):2.5046807424283464
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:18494535979F54AD8FDCCBD7E5427D5F
                                                                                                                                                                                                    SHA1:D2CEF4601B62B2BBCCA89A762B1020B6E991A0A5
                                                                                                                                                                                                    SHA-256:0F4E137C6A364E95E18AF3DE1F0FB778D587D104B4E3A24E79015389D2237057
                                                                                                                                                                                                    SHA-512:D6F6FFCD79FD0F25E1BA24C25884AF0F0F8FC0B5DA1DD8DC5742C044CCF09CD84CBCECD2FB7887D4EA420CD8C0DBA4FBF5A3F5A50308ADF21F78D29E67F841CE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4202496
                                                                                                                                                                                                    Entropy (8bit):0.4391488081552016
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:34533E2A00F9710262BAD5A912098F0F
                                                                                                                                                                                                    SHA1:6F0053674AC01C944C0AD704B156F2CB0C29D997
                                                                                                                                                                                                    SHA-256:23EF08327F10828295506610284DA1B0CEAD17178EE79A5B2169D4CA0794CB6C
                                                                                                                                                                                                    SHA-512:20CE7217DB61571B25966A98D818DC76957C6510935B034BE86CBA5672766FAA7511804F445BB005EE62483F521D08CE557801CE9B9EC73C0A6D97DB200124E7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (19015)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):19188
                                                                                                                                                                                                    Entropy (8bit):5.212814407014048
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:70D3FDA195602FE8B75E0097EED74DDE
                                                                                                                                                                                                    SHA1:C3B977AA4B8DFB69D651E07015031D385DED964B
                                                                                                                                                                                                    SHA-256:A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
                                                                                                                                                                                                    SHA-512:51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/*. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (56331)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):56517
                                                                                                                                                                                                    Entropy (8bit):4.717595670873346
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:25A0AC5D7D8E48930FE0B6772B7254A8
                                                                                                                                                                                                    SHA1:6F4095F66E56D39EF0ADEFBE85A1DCFC13BD133B
                                                                                                                                                                                                    SHA-256:A94A13D4E9DF8DC2BC696A168930CD511F83498136BBA3BB0B968D7556F0B807
                                                                                                                                                                                                    SHA-512:3E040C96AFA7A852D5E32964D60C143A09BA0AD2085E42B06881E9FCF008587CE283F94A652106284CAC8744C255B1C95C22CDED67AD0FC4C579C224CBBE597D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/*!. * Font Awesome Free 5.10.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pu
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (48664)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48944
                                                                                                                                                                                                    Entropy (8bit):5.272507874206726
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:14D449EB8876FA55E1EF3C2CC52B0C17
                                                                                                                                                                                                    SHA1:A9545831803B1359CFEED47E3B4D6BAE68E40E99
                                                                                                                                                                                                    SHA-256:E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
                                                                                                                                                                                                    SHA-512:00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (63781), with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):63781
                                                                                                                                                                                                    Entropy (8bit):4.698496354178287
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:6B330FF5F89229CB7AE9264347BACBAB
                                                                                                                                                                                                    SHA1:05EA963AE15E620A051AEC3F8DDE4B6F85499C96
                                                                                                                                                                                                    SHA-256:4FC89B0C376BB37F904F4A63EF38E27BA939B1B2DA6DF77D127D533BB9D167F7
                                                                                                                                                                                                    SHA-512:2684F26F2F3449EFDB6473DDE0716DBBB181BA1EE24EBBDE013FA0AA0C9A450F343091A0F9C13B5FEC0657995AA9ECED9BB1B175E1E3A26ACEC3B4AEAFDF317C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:@font-face{font-family:boxicons;font-weight:400;font-style:normal;src:url(../fonts/boxicons.eot);src:url(../fonts/boxicons.eot) format('embedded-opentype'),url(../fonts/boxicons.woff2) format('woff2'),url(../fonts/boxicons.woff) format('woff'),url(../fonts/boxicons.ttf) format('truetype'),url(../fonts/boxicons.svg?#boxicons) format('svg')}.bx{font-family:boxicons!important;font-weight:400;font-style:normal;font-variant:normal;line-height:1;text-rendering:auto;display:inline-block;text-transform:none;speak:none;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.bx-ul{margin-left:2em;padding-left:0;list-style:none}.bx-ul>li{position:relative}.bx-ul .bx{font-size:inherit;line-height:inherit;position:absolute;left:-2em;width:2em;text-align:center}@-webkit-keyframes spin{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes spin{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (32012)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):69597
                                                                                                                                                                                                    Entropy (8bit):5.369216080582935
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5F48FC77CAC90C4778FA24EC9C57F37D
                                                                                                                                                                                                    SHA1:9E89D1515BC4C371B86F4CB1002FD8E377C1829F
                                                                                                                                                                                                    SHA-256:9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
                                                                                                                                                                                                    SHA-512:CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/*! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (65326)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):162264
                                                                                                                                                                                                    Entropy (8bit):5.077412945081833
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:A4B3F509E79C54A512B890D73235EF04
                                                                                                                                                                                                    SHA1:1BE37B62306C8C0C6775BB4C93C5E4C4E13D9775
                                                                                                                                                                                                    SHA-256:F886516F3D41E9E7BD994C7F7A39A89CAFAE9483F90396CB0DDEAFE8D1EA5E72
                                                                                                                                                                                                    SHA-512:AEDFD2AD0E143486867C3C845D9B4D7325AF41E3AAD102F280796E1507128DA181D382315A16A5EF5B4ABB33FA2BC7985D807ABC9578A47917726146190D7FD3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/*!. * Bootstrap v4.6.2 (https://getbootstrap.com/). * Copyright 2011-2022 The Bootstrap Authors. * Copyright 2011-2022 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans","Liberation Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::be
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (64730)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):320004
                                                                                                                                                                                                    Entropy (8bit):5.341873131978216
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:96DE323330F8B8336F637A0051835E00
                                                                                                                                                                                                    SHA1:A4641A2626F396D0272498E887EA09E4D013E493
                                                                                                                                                                                                    SHA-256:5B5799E6F8C680663207AC5B42EE14EED2A406FA7AF48F50C154F0C0B1566946
                                                                                                                                                                                                    SHA-512:ABEE25885C1D3C2FDB35D854A59C7A6970F1FE1EFBC8442D9F8235B251F275C6D92B7E272DA477700798489B21A3120EAB79A311FEF1244F18588507327FA809
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/**. * @licstart The following is the entire license notice for the. * JavaScript code in this page. *. * Copyright 2023 Mozilla Foundation. *. * Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. *. * http://www.apache.org/licenses/LICENSE-2.0. *. * Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. *. * @licend The above is the entire license notice for the. * JavaScript code in this page. */.!function webpackUniversalModuleDefinition(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=t.pdfjsLib=e():"function"==typeof define&&define.amd?define("pdfjs-dist/build/pdf",[],(()=>t
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (64728)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1087212
                                                                                                                                                                                                    Entropy (8bit):5.556399328974215
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:A53A71A2A5D618ED0F86EBF099DB032A
                                                                                                                                                                                                    SHA1:49162D546A1A5A11BD2C932B2D1B2520DAEF1EC3
                                                                                                                                                                                                    SHA-256:FEABDF309770ED24BBA31A5467836CDC8CF639C705AF27D52B585B041BB8527B
                                                                                                                                                                                                    SHA-512:05BAD9EFA50D66AE41847ECB2FBA67F40E13290A5078D0873A8EB9FDA91F7A570805B715BD858E15028F5C8AF2904DEA6716239835F9EF7A1AE18C2C73BAE94F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/**. * @licstart The following is the entire license notice for the. * JavaScript code in this page. *. * Copyright 2023 Mozilla Foundation. *. * Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. *. * http://www.apache.org/licenses/LICENSE-2.0. *. * Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. *. * @licend The above is the entire license notice for the. * JavaScript code in this page. */.!function webpackUniversalModuleDefinition(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=e.pdfjsWorker=t():"function"==typeof define&&define.amd?define("pdfjs-dist/build/pdf.worker"
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:Web Open Font Format (Version 2), TrueType, length 50668, version 1.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):50668
                                                                                                                                                                                                    Entropy (8bit):7.995343115077577
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:DAFD0A2E599F63FA9D7EE1D98FCE7F51
                                                                                                                                                                                                    SHA1:F8C0CB57F10ACD8F96623FBD2A7021253C860937
                                                                                                                                                                                                    SHA-256:6912F7388531E949BD5406B5668CD6B55FEA4CC7E2D123DBAED489054DD98438
                                                                                                                                                                                                    SHA-512:5A67EEA5B25198F054CED0BED062C05EE00364A8D87A96BF72608489F4CB7A16DC7627268C5E248E420AF2F4C03D3C54358B592E6612590C0378118FF805CE30
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (2565)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):214547
                                                                                                                                                                                                    Entropy (8bit):5.539315646122541
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:26FF46D30DEDD158B8E397EFDAEDDF1F
                                                                                                                                                                                                    SHA1:0BAF38817674900552024B772582FD04512358B3
                                                                                                                                                                                                    SHA-256:A29D03B476907C9E6B75A4AE97275FE1CF5511E0D2C0C2303B72532ABD044EBA
                                                                                                                                                                                                    SHA-512:718D6983AB21F4F8CED8B7F5548A2694F6F203B3C2DCFDA3BF7D668627BC27149E1DD9AF5B4EAD071419CC88466F3197B517770ABCE7C5E2946EEB6DB0C93575
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"6",. . "macros":[{"function":"__e"},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__gtes","vtp_eventSettingsTable":["list",["map","parameter","URL","parameterValue",["macro",1]]]},{"function":"__u","vtp_component":"HOST","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__f","vtp_component":"URL"},{"function":"__e"}],. "tags":[{"function":"__gaawe","metadata":["map"],"once_per_event":true,"vtp_sendEcommerceData":false,"vtp_enhancedUserId":false,"vtp_eventName":"page_view","vtp_measurementIdOverride":"G-GTYLGLTRBN","vtp_eventSettingsVariable":["macro",2],"vtp_enableUserProperties":true,"vtp_enableMoreSettingsOption":true,"vtp_enableEuid":true,"vtp_m
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):109435
                                                                                                                                                                                                    Entropy (8bit):7.995984402680144
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:E7963CE1C94234186CECFEB80CD1291D
                                                                                                                                                                                                    SHA1:4DC7F6B46D016722DC60E9E03F75F6437BD74594
                                                                                                                                                                                                    SHA-256:A4B7B595AFB88045E3D67E180E86E43EFAEA1ACF23E3D1957AC30C23C54E19D4
                                                                                                                                                                                                    SHA-512:C8ECDE47F4BE969B1159F1499BF09E49085CD15E68789B9CCF2314057114B7DBD612673ABE4C80E68179686ABA347145F1F6A61ED7C7EBE01EC3E283E086C16D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):110558
                                                                                                                                                                                                    Entropy (8bit):7.996668644780071
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:528EB0781424DE4723D67A2B049CFFDA
                                                                                                                                                                                                    SHA1:4EABEBC5F68E4A6D73B6473973B1AC66FED69815
                                                                                                                                                                                                    SHA-256:90BF21B27713C4B4B32426E4835FD078E5490F5A4A37C54C3A11C9D7DE06D85D
                                                                                                                                                                                                    SHA-512:5899D5A8FED64374484E2CA26AC9A27D05A27E87514BA599B491E336D61200D86DD6861E2144F78E3218FD386A847F5BD287322E39BD7A4B131F44E9E142F02B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:PNG image data, 367 x 389, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20534
                                                                                                                                                                                                    Entropy (8bit):7.958287286025038
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:33B70A17C1C77692E80421BA75DBA126
                                                                                                                                                                                                    SHA1:A48F18AC5BB4FBD91C8C09ABADFF59E31221E42B
                                                                                                                                                                                                    SHA-256:F19D8FE06E503399219BF8C517113EE172720EA73A7470EE44BC0DF754B4CE86
                                                                                                                                                                                                    SHA-512:8B2236C19C5622D77C22621448F1F56E07C18189A5F021D63DB9345D914444A69ACFA7E2C3D3CF5532612030CA3D8471916E6A35C25F21ED6D334C4B9F5EB584
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):524656
                                                                                                                                                                                                    Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:FCD5228C9980F02D0F6FDA805B98A36A
                                                                                                                                                                                                    SHA1:21094D45D7860063EF1DD394962276192260984A
                                                                                                                                                                                                    SHA-256:84F39F7DD381649C6FBC86D0C792F515B4F1CF50B31E9023C51D70EB614693AB
                                                                                                                                                                                                    SHA-512:BC0E478A314F7E827841EEBF4B231E240293118DD06994E9BC3F60AB007E9614EB1DC236889DD7CB3E92450F9D3617163357DA8048EEFC106877E0502B93B10F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):216
                                                                                                                                                                                                    Entropy (8bit):5.289849666636716
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:C922BD17C99037A1612909F3B1C9C889
                                                                                                                                                                                                    SHA1:38E9598085A37EB5B5083F9D2622CC30447D4D6A
                                                                                                                                                                                                    SHA-256:EF633D0323FA3DEF9B5A0A7B02ECC8AAA2FE5AC840677781DBAC66B63B7952A8
                                                                                                                                                                                                    SHA-512:1357FFB37C9D35A1649CE96535FDF609B8BB2A27F5EFE73543904CF29C2F7DF08721481D84328E2DA08E162B03D86B97BE6E60401628B8042B3B017E1D225010
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......L...e.E...._keyhttps://pdf.onestart.ai/js/modules/eventEmitter.js .https://onestart.ai/.A..Eo.....................?./.........(.=..........!.........;.``a"Yp.[....'..!.1gl..[O!..A..Eo.......3..$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):216
                                                                                                                                                                                                    Entropy (8bit):5.255843200617822
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:1AF40FFBB14E1014D8F44BE08B1D1000
                                                                                                                                                                                                    SHA1:C185593501186BC4F535866775542EE167FE4D40
                                                                                                                                                                                                    SHA-256:1B69ACC7E33FE8C6E883E14F24C004CDB846ED4DA611881FA9CE700CADC5C3D6
                                                                                                                                                                                                    SHA-512:AB4201FB5EB6478DCCE3FBD8F486E35713B5369ED9032E936B7CA047A2BF0C7E7893E11BBCF35F3F4160CD4E2166F2D84DCF6D4C70BECF0C1CB340486C8230BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......L.....T....._keyhttps://pdf.onestart.ai/js/modules/PdfJsService.js .https://onestart.ai/.A..Eo..................g...?./.........(.=..........!.......co.-~t%.c...D0....tT......5.A..Eo......f\s.$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):235
                                                                                                                                                                                                    Entropy (8bit):5.250098617467893
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:AD6DBDB0E5FEFE48FF4CA44D6AE7DD2E
                                                                                                                                                                                                    SHA1:F24275EDA2E614722519B76931DF0455DD806B10
                                                                                                                                                                                                    SHA-256:B50A238D51BDB3727DDCBF471019A69435E0439AD8DB513E44CDA14A856DA32B
                                                                                                                                                                                                    SHA-512:196C518C2C95475BE4B92D8B37A15A2F474211B37E544C8DA7D7AC44A98A23CAFB34A9167C133AA875AD57711D6C14704206366BACC13DAC9A62E1350131D9F0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......_.....g....._keyhttps://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/js/bootstrap.min.js .https://onestart.ai/.A..Eo......................?./.........(.=.........]..........|@:.BO_.1.....I.*j...oo.N:^..A..Eo........i.$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):229
                                                                                                                                                                                                    Entropy (8bit):5.264724818107871
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:633B737D055CEF7E04C4CBAD3428AE1E
                                                                                                                                                                                                    SHA1:F677FF2CAF9D251386EF11A3D03B1F7DD0CAD0F0
                                                                                                                                                                                                    SHA-256:E8DC898C40D703A1417640DAA6DC4E2EB38B64FD5F141A4DFCF3A98310B15FC9
                                                                                                                                                                                                    SHA-512:D874FFDD3603563F3BDB01C14D4306CE5623AC6DDAFF2B66D2E170039AB30C0FF60BEAD005297D692A77D81EFBE40FADBCFC67E6919FCAAA75E033A5B9258C33
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......Y...pT.F...._keyhttps://pdf.onestart.ai/js/modules/FileUploader/FileUploader.js .https://onestart.ai/.A..Eo...................#..?./.........(.=..........!........A...\.4 ..1.r.l.S.....2SyU....A..Eo......y+..$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):268
                                                                                                                                                                                                    Entropy (8bit):5.726172589439089
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:B7C4D99F78B0051CD9E9F54E85EB1EF3
                                                                                                                                                                                                    SHA1:78CC0D16382D624C069411FCE094630071F36BC9
                                                                                                                                                                                                    SHA-256:CD50F2B99C031A629F5ED2BF994B1E206AA5B320D6811470DCBB7D820224400A
                                                                                                                                                                                                    SHA-512:C83130776F5E47B84FC3B2C93D495109E47DAE9FD2DC5154AF28BEA9310568485CD264308A7F0DFA01E56D2742B3F847311A1D0371197DFB78CE38574EB1BE41
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m.................._keyhttps://www.googletagmanager.com/gtag/js?id=G-GTYLGLTRBN&l=dataLayer&cx=c&gtm=45He4b70v9197972675za200 .https://onestart.ai/.A..Eo...................r+.?./.........(.=..........'......4.:&!.\.kN....E.HM."....k.`..B..A..Eo.......cb.$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):238
                                                                                                                                                                                                    Entropy (8bit):5.429540777734117
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:11BB7BAED310BAFAF24E503BA9165CF4
                                                                                                                                                                                                    SHA1:738A8C34E2843EC273DFDE29DDAE7FD299379383
                                                                                                                                                                                                    SHA-256:4BF4ED3F4B6AD0BA9C8754521A4A638B0ECC69C743E4EB9C86C88F66B9DF48A0
                                                                                                                                                                                                    SHA-512:A7FC9FCD6FD63E01D8F8A90AC8C43528976669866E78360B8164A8B72673AC10D571B1517D04BB205FB5F70A9C48669EA057A780D78F9A47610D6EB85A30518C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......b...v......._keyhttps://cdnjs.cloudflare.com/ajax/libs/pdf.js/3.11.174/pdf.worker.min.js .https://onestart.ai/.A..Eo......................?./.........(.=.........u........+as..7.....?.||[UV.H..81.y....A..Eo......KAAT$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):231
                                                                                                                                                                                                    Entropy (8bit):5.4564982819093295
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:17943D3EE7923A7051E954C494CB5EE0
                                                                                                                                                                                                    SHA1:CFDA3E480F191C38C857552541B19A63E6F041D2
                                                                                                                                                                                                    SHA-256:20E46748B1C9746340333556B369B351360CB81ECDE4D8D26FE56EEC7F60D4ED
                                                                                                                                                                                                    SHA-512:1C2E397481805A73A2A24929E9A55B58D1CBC7A76A1DAB8BE973737569B1000AC883A2C7235C3522F28FA28A19C3B57A13A3AFCB457C8E53D4F70CE5ABD76501
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......[...W..i...._keyhttps://cdnjs.cloudflare.com/ajax/libs/pdf.js/3.11.174/pdf.min.js .https://onestart.ai/.A..Eo..................K...?./.........(.=.................{....!.D.....\....Jy>..]r.W.j..C.A..Eo......xLg.$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):268
                                                                                                                                                                                                    Entropy (8bit):5.763389635898182
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5E17BC26378C1770B0FC6C62BCC67DB4
                                                                                                                                                                                                    SHA1:3623C74204890EAFF29A7E2887607BAC1F0D4165
                                                                                                                                                                                                    SHA-256:FBC331BC3C1BEEDDE3F50B3375086A4D49E679464997E8ABEE9C471E955841A0
                                                                                                                                                                                                    SHA-512:64D25BD0DDFAF79F2A075C91E65ED3242D1D90D663DBC00CE6F075B51514133E4FB663EA28E93D6783AF3F0932AA410B74E048CD5DA841D24DA9052852EA7810
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m.........."J......_keyhttps://www.googletagmanager.com/gtag/js?id=G-S4GXRYV34E&l=dataLayer&cx=c&gtm=45He4b70v9197972675za200 .https://onestart.ai/.A..Eo...................*.?./.........(.=.........Y'......._B.N]z....q.PU&.1......1...*...A..Eo......]=..$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):221
                                                                                                                                                                                                    Entropy (8bit):5.486906533654592
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:A98A5DA6D632C675BCCF27B808B706D0
                                                                                                                                                                                                    SHA1:D91AB9B552094F40AAA329DEACF4C5E16B7EBA97
                                                                                                                                                                                                    SHA-256:22BE5D2D1B9CDD59B3D890FAD47C58518362CC118B79D7B35316E26DF51E9103
                                                                                                                                                                                                    SHA-512:FDC48152B00CF0374D0F0728D6FAD33638C67D68042D4AD43184D0F4702136F73AD240505E971394BDB9879FF2D8166C662A59890FE46513EF9C4C80428019F1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......Q....+-....._keyhttps://www.googletagmanager.com/gtm.js?id=GTM-PSSF8J99 .https://onestart.ai/.A..Eo..................wL..?./.........(.=.........#$.......>...^6.C.$.[\.i.......@a..P(.A..Eo......*u.c$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):234
                                                                                                                                                                                                    Entropy (8bit):5.41486413000564
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:0831F964875537E0B58C02BC04463A4C
                                                                                                                                                                                                    SHA1:9061985C56C83360EF18A2B814BC8748FA0424C1
                                                                                                                                                                                                    SHA-256:F81BD484B04D9B46B3A4ED78C19C6803961BA901E9F5CC9AE896CEC31A9D3D84
                                                                                                                                                                                                    SHA-512:ACBCA941C32E1DB69921840B8307A6CF4DE1296404D6AE7360F97EDE016476E2750B45CECECCBAF140E17B0C6B3CF20D8727CA4852F63338588A351FC2669F8D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......^....S......_keyhttps://cdn.jsdelivr.net/npm/popper.js@1.12.9/dist/umd/popper.min.js .https://onestart.ai/.A..Eo......................?./.........(.=.........[............W.O.....{(.PZ......x....8.A..Eo.........l$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):220
                                                                                                                                                                                                    Entropy (8bit):5.350900935546364
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:43FB1214D16325D864048144D6E17101
                                                                                                                                                                                                    SHA1:9DA6687EF9447AD7D34CCCC02E9E5F78DB580D32
                                                                                                                                                                                                    SHA-256:D18FD5A5648E357315F463FD6C91F82617D4E6067688A0B61B14A44CCD9D33FB
                                                                                                                                                                                                    SHA-512:7B177946B838C1251F59D8003E330480472C9BE811E51716916C86DDF9A2EC0BD7620FA73A1F448BABD140C6E5B02FA4CE03679F630E60984196356EEF37D598
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......P......&...._keyhttps://pdf.onestart.ai/js/modules/PdfPasswordModal.js .https://onestart.ai/.A..Eo..................j...?./.........(.=..........!......BaY6......Pj.......5..._Z...;$...A..Eo......).OB$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):230
                                                                                                                                                                                                    Entropy (8bit):5.35538092055334
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:F2D3B07D74B19B2E33A0224CB2F30374
                                                                                                                                                                                                    SHA1:488FEFE65AA346D710D8EA2CC38A681394F7E958
                                                                                                                                                                                                    SHA-256:901970573D101369DD57E4BA64765666CDE15C3F760EBF4641B6215099172E26
                                                                                                                                                                                                    SHA-512:E2D6D27D867CD9355F980A3CDC40D912DB6C492EFCFE6FDBCE001BB6B89AFAFB266DAD4673D14765FE6D67CCE1D3F5576069281D1826E8978C5AA135157DA0E0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......Z...].8....._keyhttps://pdf.onestart.ai/js/modules/getFileUploaderBaseOptions.js .https://onestart.ai/.A..Eo......................?./.........(.=..........!.......O..V.)..8.../u.'x"G............A..Eo......>.#.$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):209
                                                                                                                                                                                                    Entropy (8bit):5.168209970542308
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:793D9258B2B62FA247DA064E7169362C
                                                                                                                                                                                                    SHA1:734DABC2E2DBE07B3533DE3B562383DA941F4BEC
                                                                                                                                                                                                    SHA-256:11ABB20BE212027E6965D3AB743EA8FB8FB6B783AEADB428D773945E54DBC58C
                                                                                                                                                                                                    SHA-512:1FC48C4CE9C062037D3E122A39545CD5A2B4922C476A3881E03F88F444E9A39E83F7CE428FBF445AA3E242E58EE846C096F920AE5C4BAE798557B48226562344
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......E...-......_keyhttps://pdf.onestart.ai/js/modules/utils.js .https://onestart.ai/.A..Eo......................?./.........(.=..........!........+...l.\j...k.}k\j..-.....l.(..A..Eo......K>..$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):202
                                                                                                                                                                                                    Entropy (8bit):5.16679074966497
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:3B58C97AB0622DBF90BF0EC7159A2A3E
                                                                                                                                                                                                    SHA1:5A3D219296DC690C3DF78F9BE87BBE3E05C90809
                                                                                                                                                                                                    SHA-256:4F6E3C653DC0C395C5316CCAB7E2D9D5BF1C8AA04E1011174A7727A17225B24A
                                                                                                                                                                                                    SHA-512:AF35A6C51CA95352BC06D46EC4CEA4977481CECB64EA9F850D72A9F39DD41FFB6B7EE6A1FFE71E514F188281605739F2A241A78508B8D6B347E61312DEDA27FA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......>...J..I...._keyhttps://pdf.onestart.ai/js/editor.js .https://onestart.ai/.A..Eo....................?./.........(.=..........!......n..cPN.;.Df....'&m.Ez."'nX}...sq.A..Eo........X&$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):225
                                                                                                                                                                                                    Entropy (8bit):5.273755328812295
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:86C9BDBBA041FA50CC076F53CD03DC9A
                                                                                                                                                                                                    SHA1:7858092C3A9420EF8BCD50B5F10E58400C78A634
                                                                                                                                                                                                    SHA-256:0855AF0322A5F9D341EB5226245BD22E37C2A31D107D31F472DF0B4BB63720FC
                                                                                                                                                                                                    SHA-512:997A1C471500BE614E45E4E0418FDDF00FA3972465CBF437E94C8253A7FE672A08CBAC75049D52972F9626BA20863914E28BF26FFA911E461D28A56DB2738C3E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......U.........._keyhttps://pdf.onestart.ai/js/modules/FileUploader/FileItem.js .https://onestart.ai/.A..Eo...................(..?./.........(.=..........!.......o..*.....#..uN>.c.p.aJ...oY.vN.A..Eo......u...$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):214
                                                                                                                                                                                                    Entropy (8bit):5.321928450809174
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:A2FDBC88FA8532095F2D79227C7D48F3
                                                                                                                                                                                                    SHA1:38CB6B5BC5769D45465E8C24F30C85F6BA4236F1
                                                                                                                                                                                                    SHA-256:A4F82906E2B742E56388BE9FC27B96D1D3481ED0B62D53D61482F577ADBE7434
                                                                                                                                                                                                    SHA-512:9F709E9C90064FA09E46438916AD7FCFABE98326A54DC319F015B462212E08F81F7D6AA5E0472F8C742C16059B1C700A29BC3B88E80DFC7C0FE5DE567653D461
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m......J....%......_keyhttps://code.jquery.com/jquery-3.2.1.slim.min.js .https://onestart.ai/.A..Eo...................w..?./.........(.=.........Y.........<.b......=..(...i.....e..Ke2..A..Eo......-.9*$.......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):432
                                                                                                                                                                                                    Entropy (8bit):4.890636412050234
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:895C41477B5CE4E211386C81D9089E29
                                                                                                                                                                                                    SHA1:CB102806763390D5CFE6BCB8F4AAFC130DCC8196
                                                                                                                                                                                                    SHA-256:652F5ED4D089B7A45BF4EFFCB44373B8C565FA1848F4D520552C16B59DDF636F
                                                                                                                                                                                                    SHA-512:FA12B65475FF2BA35378C615790F34C07ED8B1572D33A67ECD07BAE3B0C78985AF0F2B77984F2D3D77DE9D243E66833F3DC847CAA8E87730C1F5610169FCB713
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:........oy retne............."...........[.|...m@.0.?./.........P...> .W@.0.?./............Lo.s.. .?./.........<./..]......?./...........>Zf|.%....?./.........d}R(..U....?./..........a.Cj.......?./.........C.-.Is......?./.........R;..@>......?./............+^.......?./..........\l!.TbZ.g..?./...........b.%..h.g..?./.........}'..W.a.....?./.........N...q..7@%.?./..........W.X....@%.?./...........;.gw8.@%.?./...........2.?./.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):432
                                                                                                                                                                                                    Entropy (8bit):4.890636412050234
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:895C41477B5CE4E211386C81D9089E29
                                                                                                                                                                                                    SHA1:CB102806763390D5CFE6BCB8F4AAFC130DCC8196
                                                                                                                                                                                                    SHA-256:652F5ED4D089B7A45BF4EFFCB44373B8C565FA1848F4D520552C16B59DDF636F
                                                                                                                                                                                                    SHA-512:FA12B65475FF2BA35378C615790F34C07ED8B1572D33A67ECD07BAE3B0C78985AF0F2B77984F2D3D77DE9D243E66833F3DC847CAA8E87730C1F5610169FCB713
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:F3CFFB538D30FA878DF245736F4D657B
                                                                                                                                                                                                    SHA1:64291AD6BFE225AC0DC07A9F8EFDAAED5AD33C4C
                                                                                                                                                                                                    SHA-256:5D64EE7736108CE96E5C36FBE91BE9B62DED82638BD3B5FDE7328C33F66FE582
                                                                                                                                                                                                    SHA-512:37218234084CD4EF83261418398BA1DD3FAF94D4DBB138059F99A762E22090D1C6EF91EA1F0C16B1973578CF3FC046935025A7D1A696E9C53296C6D666AAFD12
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:(....L..oy retne........................*...?./.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 1, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                    Entropy (8bit):0.4446905881544651
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D78BD39DAA08EC3D91B377A15AD381D3
                                                                                                                                                                                                    SHA1:E52D7B3EB91E3A65082B32ED2F3DC386BD0292C2
                                                                                                                                                                                                    SHA-256:5B1484033D3096D7DF4F237A2B3DD8CAF0AA85F90DC6301978A4DCDA24BC2F95
                                                                                                                                                                                                    SHA-512:89CA8FDA7C0C23DFDEA20B85EFCF2F68340395CA157FA866629DA2EDF6D2CC4E621CBDFD0BD9BD5AB45AEAB619AD3528DE3B95B74D4E679059C4B1AF1C974854
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:6FA64067BD4253D2F14921E22E987664
                                                                                                                                                                                                    SHA1:A6CF4B01D12D1AEA7EB75DD79A90E22D5BA9821C
                                                                                                                                                                                                    SHA-256:A7A07AB3E337E693B94263E78039F37552E191275B6D69C1E28D17571864901C
                                                                                                                                                                                                    SHA-512:08E5FA6EDBE14440011B5F7D6FFFE098287F15A896C138F2AA64C1271902D4E99252A3FDBC97F4C0929F20692B63155464933CB42C22A197AD73D07402A34D8E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:82AB5F99973921705F25F0C6C3EE10C8
                                                                                                                                                                                                    SHA1:52DE621E467BA7D097C5B09FC7885712A8FBD41A
                                                                                                                                                                                                    SHA-256:16E3E5A3B7C28ED6DF888C3E0E00BAA597CA7017EF0F0D2C7DCBB94E341A7A10
                                                                                                                                                                                                    SHA-512:0FC4B75689086A28436F5773F42829B312797930F1DE9DA3BC9B129E36D2D38DB6AEFA2AD5F6A9569B08F8F054F20110B9DC09D1597C5C5348A74C9E121A7BBD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):114
                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:891A884B9FA2BFF4519F5F56D2A25D62
                                                                                                                                                                                                    SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
                                                                                                                                                                                                    SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
                                                                                                                                                                                                    SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):293
                                                                                                                                                                                                    Entropy (8bit):5.106650383468912
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:C757EAC3CDC526474AE1C48E2BC54861
                                                                                                                                                                                                    SHA1:17A6ABF64B009462DCDEA8D9C44F6C655B4A3414
                                                                                                                                                                                                    SHA-256:E4557A78CDCB70B1AA7D46DD390375DD60345EADE02905052E32DE4D30CED32F
                                                                                                                                                                                                    SHA-512:7B2885805DCACBEA30C84C94247148EB654965D734427DE369E272471A2218F7AC4838A19AD7AF9170786105D42A8A571E9A4FD53A47717F4227C71810062AE8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:34.239 cc4 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension Rules since it was missing..2024/11/11-16:03:34.662 cc4 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):57
                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:41C7D1373DE8E7BD508C548A70910E51
                                                                                                                                                                                                    SHA1:F919499049571C75C7EB73FDAAA5198E6DD641B6
                                                                                                                                                                                                    SHA-256:99C59CBE7DB56D56A286485635E4467004641C6275E708887DD35728EB05109A
                                                                                                                                                                                                    SHA-512:C30CB4EA2478FD816B4A160626B08CB63D2B9DC50EAB694607D44D05117E6AF8DD707BF4E14CF001CF69007A654ADE55149A61ED07F9DE6A9A2EDCB51AFA0773
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.f.5................f.5................f.5...............
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):297
                                                                                                                                                                                                    Entropy (8bit):5.090918289163616
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:ACFBFCE16E3DF27881289F2EB36E0F71
                                                                                                                                                                                                    SHA1:9507E4628561C462B3904FAB5BCBF007FB20FE05
                                                                                                                                                                                                    SHA-256:60AA9E0717B33A2D49A5346F47E6C33D19D58351C13721A875520EAAA2CD6E0E
                                                                                                                                                                                                    SHA-512:58DD47D7914151C82864CDFC10D1D8DA56AA721A96F0FD48BFF0ECB286DF508B36EAEAA5A5B02CD2431E498ADDC1AB889E3871F53DF72770F9800B581BA64393
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:34.664 cc4 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension Scripts since it was missing..2024/11/11-16:03:35.037 cc4 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):171
                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                                                                                                                    SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                                                                                                                    SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                                                                                                                    SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):293
                                                                                                                                                                                                    Entropy (8bit):5.069209443091919
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:99519B6F52BB6408A29E6DE9D8146506
                                                                                                                                                                                                    SHA1:A597B9D4FEE65481E6E0BED1978126A32DDA5F74
                                                                                                                                                                                                    SHA-256:5AA80DD9BD3E44705F7AA7ABA9C1201FF2C37A1009CFA2597F64ABE72DBCECA9
                                                                                                                                                                                                    SHA-512:FBCAFD4572EF9F5A0100DDB874E6B3A5B1D77744E5F498AFE01B9C42CD23FF163536769770B356B80630A6AABA7E13AD4D0688666669B7B2C9A550B8FC2D0B55
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:35.038 cc4 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension State since it was missing..2024/11/11-16:03:35.404 cc4 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Extension State/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 2, database pages 11, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):22528
                                                                                                                                                                                                    Entropy (8bit):2.2899759648929114
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:EEC38C820A5820AC5C795F5B6FB38855
                                                                                                                                                                                                    SHA1:342BF5F4D19ADD635A8159F4B4AF1C2BC46379FD
                                                                                                                                                                                                    SHA-256:DB7E7BC3844209F6138A0495D864ECC86438721071FC5B4EBB29F4D5722AD5DC
                                                                                                                                                                                                    SHA-512:B1805765941721CAA63C91A51BDE67082139943530C156A652375FF184FE9880946479C15633D320966D82EC4A6E2AF776DD58A899388D432F650550D8C45F26
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):303
                                                                                                                                                                                                    Entropy (8bit):5.158326342964779
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:21DE3B6C0A86FB2E5A81DDD8BAD29A19
                                                                                                                                                                                                    SHA1:2FE8155BB1328A153F143B27AF561945B5D21B52
                                                                                                                                                                                                    SHA-256:7D2F7E8CC92B4205383E76187C444A4CF9598EBFB9AE1D01BF639BAB09335F0A
                                                                                                                                                                                                    SHA-512:05A35CA731A6CAB650ACFB3569DE023AD1C320FD08892C401A31D2350EB204A1D578324B226F546EB35B5EB7E5B271362713CAE7A0F61BF17402BEAC987A6369
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:46.513 940 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\GCM Store\Encryption since it was missing..2024/11/11-16:03:46.598 940 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\GCM Store\Encryption/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:412C0394B567391C0E75208F40DE3AEA
                                                                                                                                                                                                    SHA1:129A57DA49CE828C7415967BDECF6B0F05ACE2E0
                                                                                                                                                                                                    SHA-256:816AC121D6CC4566F9DEF4FFD50AA33B24482357906A3B9198EA68CF196783A0
                                                                                                                                                                                                    SHA-512:7D040DE77B7B1564FAFF654BE7E68A21E0506BFF841D300757B3783B0356CF645CFBEBBB4578CF8DDCAFE30B228BDDD3F5D760DF8DD7405E0428E0259BFAE134
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):167109
                                                                                                                                                                                                    Entropy (8bit):5.081780452241832
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                                    SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                                    SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                                    SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):167109
                                                                                                                                                                                                    Entropy (8bit):5.081780452241832
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                                    SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                                    SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                                    SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):167109
                                                                                                                                                                                                    Entropy (8bit):5.081780452241832
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                                    SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                                    SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                                    SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 2, database pages 40, cookie 0x21, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):163840
                                                                                                                                                                                                    Entropy (8bit):0.6463284236769751
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:98FF8F2550C529DE13FA7EED4AC23EAB
                                                                                                                                                                                                    SHA1:D3E41F5070ECEC7B89ABFFE3AFFCFD0950839E5C
                                                                                                                                                                                                    SHA-256:BD843C28588322B272D95469792AA3F9181B2BE7DC48E8B9B992A21F62E65D28
                                                                                                                                                                                                    SHA-512:10C743ECB38B3468262D947A7A3551596EDCC870E2CA787D8B7636000993D87D05B8FA0DA6E432C30F48D2CF51C7381FE17596021CC68802CD3BC5E98CD15FD7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):8720
                                                                                                                                                                                                    Entropy (8bit):0.21893554594621492
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:F33AAA4CA0BA3D79A9F65D8AEA0DD0CD
                                                                                                                                                                                                    SHA1:BF831B31A1A3C0F7A2294D11C7A3804C59B8F09F
                                                                                                                                                                                                    SHA-256:62674E94349795F786812433F9895339D19C235A7ED846D6A6BBEB9B8B4F0CE3
                                                                                                                                                                                                    SHA-512:0BFFA2F55207F5D9A9B20B3FAA7A7FBB62707DBF998E168032694EB9C900968BFA304F6595D0919E31C56AAD12856D5C1F42F54684C01458C2B7B6975A3E64FD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                                                    Entropy (8bit):0.0905602561507182
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:B016510815CFC2BCD2E04D07A0D4CF80
                                                                                                                                                                                                    SHA1:8B67DFF3DEBD7898315D5051C1CA791E3EC9E25F
                                                                                                                                                                                                    SHA-256:02E374A9C1AFDD0D65F515922C3343CD3EA5CC8CCEA04D9F026A9406AF752B55
                                                                                                                                                                                                    SHA-512:5AF6956CC960770D5651B19096A0F55143CAC4FE79F76054042180E9EBBB322A9B1A29DC4FBBB8C12BD8708BB2AF67C8B4280B70B0D1192021FD8D423333344B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite Rollback Journal
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                    Entropy (8bit):0.28499812076190567
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:001E660A6D0F5B7DBAA0259484FAB679
                                                                                                                                                                                                    SHA1:224A0D07BE445A9479341F80FADB18130D1D25B9
                                                                                                                                                                                                    SHA-256:B24B1EE0D0BB8A5D51B242B7646996C18D36265F7DBDDFC14C16DA62DC12B9A9
                                                                                                                                                                                                    SHA-512:E463513B4C31C5117C599AB9B54BD49CD0A4010049FB9591F4C7120523E005DB6898AD20FEB1F1A6CAFCC9C30692ABBA1703BB636A70F1371B65F8966B472F85
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):181312
                                                                                                                                                                                                    Entropy (8bit):2.1466374737324494
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:A4406D1712F7C39468D2555F65EA1A8D
                                                                                                                                                                                                    SHA1:C2408DB7BA66233CB5FDC2E7AF77248D27FA1939
                                                                                                                                                                                                    SHA-256:21041CA13E99155542B19D561357C1DB86EAE34E11E4EC96779477AD0E942A1A
                                                                                                                                                                                                    SHA-512:8E41A25A9908360A507E42882D1AAA1A1E22FE044367AAC1743DB2E610D7986EA0027AACAC0F917C1A0951864BA1BEDD87C053BB0D4B6BC8C943365A36EC9485
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):379
                                                                                                                                                                                                    Entropy (8bit):5.215548295815392
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:12DAD98FA67B129D2636A9D130B900A3
                                                                                                                                                                                                    SHA1:A6A3D971EBDB67C9848CFDF588D622F21E4D088D
                                                                                                                                                                                                    SHA-256:A714B6045FD387F3017A39CA3FB13C1348A95B4BECD6B73452B287A57E54C244
                                                                                                                                                                                                    SHA-512:6E7889FDBB867314B44224E334430D9B8035BCD92FE1BB91FDD5BB652AEC1C27F63C4173A41A0229F0B0CEED544E06BF5FB2AF080488C8C2DC0030275FAAEC8F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:47.796 17fc Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Local Extension Settings\memhbiihnoblfombkckdfmemihcnlihc since it was missing..2024/11/11-16:03:47.821 17fc Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Local Extension Settings\memhbiihnoblfombkckdfmemihcnlihc/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):307
                                                                                                                                                                                                    Entropy (8bit):5.154931562506091
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:1C7AA01EFB1CCC182A397DC72441F935
                                                                                                                                                                                                    SHA1:36D0842B5C860487FF5CB22F2B8417501471E170
                                                                                                                                                                                                    SHA-256:FA00B117BDBEA3707CA25CB7F881B815822EF1AD6C5AA5445E87CA157F82E22E
                                                                                                                                                                                                    SHA-512:39E28966553C0805ED42730C339B55C933D034583A04841949A75FFEE3002ED4412723F9078AC9957CA8745054AED692F2ECC31CA1D52A41B45F6438C001DEF6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:35.188 1760 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Local Storage\leveldb since it was missing..2024/11/11-16:03:35.771 1760 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                    Entropy (8bit):0.8621516222976348
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:CD6917CC36422AED5E2A20A1132943DB
                                                                                                                                                                                                    SHA1:481F964FC0721A3338A3A9A1F6CEB7D6B27B231C
                                                                                                                                                                                                    SHA-256:0ACE9FF85BC53BE1DEBB74C7F6A767BABFEF479921CBC174496E701AFD2239A9
                                                                                                                                                                                                    SHA-512:20E82CC32641275828ACD5BF5AB2EF5F760414B9B77FCD2E9AFEA76DF47615259AC7BA1D58F8A8F341F1492CEADCC3C98243BDB19D5B83D97674E7A238E48272
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................v.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                    Entropy (8bit):0.8621516222976348
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:CD6917CC36422AED5E2A20A1132943DB
                                                                                                                                                                                                    SHA1:481F964FC0721A3338A3A9A1F6CEB7D6B27B231C
                                                                                                                                                                                                    SHA-256:0ACE9FF85BC53BE1DEBB74C7F6A767BABFEF479921CBC174496E701AFD2239A9
                                                                                                                                                                                                    SHA-512:20E82CC32641275828ACD5BF5AB2EF5F760414B9B77FCD2E9AFEA76DF47615259AC7BA1D58F8A8F341F1492CEADCC3C98243BDB19D5B83D97674E7A238E48272
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):45056
                                                                                                                                                                                                    Entropy (8bit):0.40284935738642996
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:56B3D146B7FB591E34D699EA4A68D92B
                                                                                                                                                                                                    SHA1:FC4FE99BA203A37F31CB368F6BD9F9145CFBAC28
                                                                                                                                                                                                    SHA-256:1433494F35725A3AA7D372205860DE5DD932CEB4FFFF2545A2CBEE2C03988D26
                                                                                                                                                                                                    SHA-512:E372808B1A325EFE2A9051822753EE6B2015222DCCD9C8F4967C8EDD5F8CC4450B912CD75E6C83E2F269809077E81FC42097FB7B14A258C57CD6B44CE98E9D5A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                                    Entropy (8bit):4.619434150836742
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                    SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                    SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                    SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):355
                                                                                                                                                                                                    Entropy (8bit):5.4944207569627
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:F76011206BC81B780B60EB2B91DF6276
                                                                                                                                                                                                    SHA1:EA467C8D8C85A9171E2ACCCD5AEEA4FC4FFE8AEA
                                                                                                                                                                                                    SHA-256:F4EE608527A5B6383ACF2E4943894CBA8E08F33F7922324B33490A944C2B8E8E
                                                                                                                                                                                                    SHA-512:C9B894BD317E930D6CD3A014597AB6FE3105CA677AFABF52B8F57DBFDC680496A9B10D69DD2673558E0AF29AF1C4A178C05187A059C93E8FFFD22EC0F43EF1EB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"sts":[{"expiry":1762895024.689961,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1731359024.689963},{"expiry":1762895022.62673,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1731359022.626731}],"version":2}
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):0.9378221635593702
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:9057F74E24BA42A12C9CCBB8F4E83C40
                                                                                                                                                                                                    SHA1:C1389864224C376032D8D2225C1AAB0242908BF3
                                                                                                                                                                                                    SHA-256:4BC69BD77C22298A4BB25A405A128F32C309092B2EED48FAB3CB4ECFA6C0816E
                                                                                                                                                                                                    SHA-512:B1570EF935130931A49F781F5B7A392B322C9DCE7A21DCF157FFF1D72A43002B968EC7C3F39AACC3AD55095DF35B6CA7914AAA5E30388C55949B1EE5C2B366E7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                                    Entropy (8bit):4.619434150836742
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                    SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                    SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                    SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                    Entropy (8bit):0.9932349628864906
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:E556EE5426F635084E4D938B28939848
                                                                                                                                                                                                    SHA1:7E96FCDC0028868B2BE4D6D01CECBAAB77523073
                                                                                                                                                                                                    SHA-256:5091D97A232431037B4D64B9282C9E8B41E1F2D5515A38587399E6853BE217E6
                                                                                                                                                                                                    SHA-512:0217F63B363AE297582EC926E4FA8321C8117D6C7AA41C796A20162BC5E4B5AF99BAD47833D52FDD99CC6D2ECF2DEDC5E027BBB57B92D452A98BB52AB70A7753
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):355
                                                                                                                                                                                                    Entropy (8bit):5.4944207569627
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:F76011206BC81B780B60EB2B91DF6276
                                                                                                                                                                                                    SHA1:EA467C8D8C85A9171E2ACCCD5AEEA4FC4FFE8AEA
                                                                                                                                                                                                    SHA-256:F4EE608527A5B6383ACF2E4943894CBA8E08F33F7922324B33490A944C2B8E8E
                                                                                                                                                                                                    SHA-512:C9B894BD317E930D6CD3A014597AB6FE3105CA677AFABF52B8F57DBFDC680496A9B10D69DD2673558E0AF29AF1C4A178C05187A059C93E8FFFD22EC0F43EF1EB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"sts":[{"expiry":1762895024.689961,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1731359024.689963},{"expiry":1762895022.62673,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1731359022.626731}],"version":2}
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                    Entropy (8bit):0.3650098242300801
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:BA18BF06E5B76061522CDEF07791AB8D
                                                                                                                                                                                                    SHA1:3A237D7DC0CE618F9DADD49D9841548E3DD1302A
                                                                                                                                                                                                    SHA-256:9E73B896C702A73BC8CC8B2D8F9B8FFA303581802EBB26F95C34793A4CD12FCA
                                                                                                                                                                                                    SHA-512:382012DB8AE451368AD429C60CB7CD8E21842DFBBE8C7E8D43EDE29CDFB06FB76774365D07E7EB1EC37874F4F99F75299D0629C4CA2583683A573919C026FD1C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2452
                                                                                                                                                                                                    Entropy (8bit):4.826011748460801
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:C440A2D11DDAB0A12BE0F4D0812B456C
                                                                                                                                                                                                    SHA1:07E2A299DFC32E9B89D115508DD5ED562A791374
                                                                                                                                                                                                    SHA-256:48316776095DC96650641DE4BCEFF470D13471AA4059E8B383D32C18D7B16D93
                                                                                                                                                                                                    SHA-512:2E6002BBD4A8E37ED87403D14DFAEAC2316EF305FFB05DA6E578C4DA92AE00FB14768988287F41E571EAAC0C50EDE8563E6A756BF293176CE093999D1E42FC37
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{.. "browser": {.. "window_placement": {.. "bottom": 1030,.. "left": 10,.. "maximized": true,.. "right": 955,.. "top": 10,.. "work_area_bottom": 1040,.. "work_area_left": 0,.. "work_area_right": 1920,.. "work_area_top": 0.. }.. },.. "first_run_tabs": [ "https://pdf.onestart.ai/en/pdfeditor" ],.. "protection": {.. "macs": {.. "browser": {.. "show_home_button": "904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD".. },.. "default_search_provider_data": {.. "template_url_data": "575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816".. },.. "google": {.. "services": {.. "account_id": "E5B4CD7C5FA271A47D07D462465AFD63DBF6A8CDFAFEF4839D13F8F552131486",.. "last_account_id": "6C67156FD15665D53CD24B5098D16B462BA8B8A0EFDD969A317C3235E973A4A3",.. "last_signed_in_user
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):33
                                                                                                                                                                                                    Entropy (8bit):4.051821770808046
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                                                                    SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                                                                    SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                                                                    SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"preferred_apps":[],"version":1}
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 2, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):0.3492142191231064
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:9C86BFFCBDDA480BD26A2EBF89212E38
                                                                                                                                                                                                    SHA1:2AEC250F58D0BADD524E6CB02533874CAF7EBB4F
                                                                                                                                                                                                    SHA-256:BA9F35B83B1BF3D2FB51FEF95ED9A9B77A896094124682069C20D2076947CA80
                                                                                                                                                                                                    SHA-512:3E24FEBF1BE76C393D70A3DB02B233753DD885263CA49B56CF9FCEB142FA687299AFEE03FBCF17D2A2ED6F90AD3D2B41283EFB6CE215DB35D04E0033FA49A102
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):0.6121372591693102
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:E58E2C64B8C2FE54AE61D1B7E505BC73
                                                                                                                                                                                                    SHA1:E426536FCA236FAFE02B0A54C330E90C90C024A0
                                                                                                                                                                                                    SHA-256:15A22EBBC358370AD3476BA0A0C44F87F548F01D59720D17FF580C534A35E058
                                                                                                                                                                                                    SHA-512:1CCF704BC0DA1C968DF2D204BAD825863486397BCC9DF994964B3FD6B6C2603FE8540C795D27BACEE2FDDAECFA53ACFBA09F76ED0FBCA686CD09E0CE5618328A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6205
                                                                                                                                                                                                    Entropy (8bit):5.519802963036763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:379FE834FC4B0B93ECDA8039FA3D079E
                                                                                                                                                                                                    SHA1:149AE2D6AE935FE9C756B7FD0073474D7E9D5DA9
                                                                                                                                                                                                    SHA-256:52D7AC9ABA4D9C953EE15DE01D36AF64C6C6EF187519EB9A94C755F5A1B0E7BE
                                                                                                                                                                                                    SHA-512:07F248DF1087F0B9C4087CA81E59CEE81A758789B0859D39ED7B4586A62E5990EBD0E8278395D000E56525258D32C25D3CBF897BCF8C48B6C434543FDCA6DDC9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"default_search_provider_data":{"template_url_data":{"alternate_urls":["https://onestart.ai/chr/search?iid=d1b005fc-9638-4680-912d-46fbd5b0c6ec&q={searchTerms}"],"choice_location":3,"contextual_search_url":"","created_by_policy":1,"created_from_play_api":false,"date_created":"13375832616701024","doodle_url":"","enforced_by_policy":true,"favicon_url":"","featured_by_policy":false,"id":"11","image_search_branding_label":"","image_translate_source_language_param_key":"","image_translate_target_language_param_key":"","image_translate_url":"","image_url":"","image_url_post_params":"","input_encodings":[],"is_active":1,"keyword":"onestart.ai","last_modified":"13375832616701024","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","preconnect_to_search_url":false,"prefetch_likely_navigations":false,"prepopulate_id":0,"safe_for_autoreplace":false,"search_intent_params":[],"search_url_post_params":"","short_name":"OneStart","side_image_search_param":"","side_search_param":"",
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6205
                                                                                                                                                                                                    Entropy (8bit):5.519802963036763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:379FE834FC4B0B93ECDA8039FA3D079E
                                                                                                                                                                                                    SHA1:149AE2D6AE935FE9C756B7FD0073474D7E9D5DA9
                                                                                                                                                                                                    SHA-256:52D7AC9ABA4D9C953EE15DE01D36AF64C6C6EF187519EB9A94C755F5A1B0E7BE
                                                                                                                                                                                                    SHA-512:07F248DF1087F0B9C4087CA81E59CEE81A758789B0859D39ED7B4586A62E5990EBD0E8278395D000E56525258D32C25D3CBF897BCF8C48B6C434543FDCA6DDC9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"default_search_provider_data":{"template_url_data":{"alternate_urls":["https://onestart.ai/chr/search?iid=d1b005fc-9638-4680-912d-46fbd5b0c6ec&q={searchTerms}"],"choice_location":3,"contextual_search_url":"","created_by_policy":1,"created_from_play_api":false,"date_created":"13375832616701024","doodle_url":"","enforced_by_policy":true,"favicon_url":"","featured_by_policy":false,"id":"11","image_search_branding_label":"","image_translate_source_language_param_key":"","image_translate_target_language_param_key":"","image_translate_url":"","image_url":"","image_url_post_params":"","input_encodings":[],"is_active":1,"keyword":"onestart.ai","last_modified":"13375832616701024","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","preconnect_to_search_url":false,"prefetch_likely_navigations":false,"prepopulate_id":0,"safe_for_autoreplace":false,"search_intent_params":[],"search_url_post_params":"","short_name":"OneStart","side_image_search_param":"","side_search_param":"",
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                    Entropy (8bit):5.73674919033246
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:0D59EEA4B2A85719CF9ED5943D84B08A
                                                                                                                                                                                                    SHA1:697F6084D387812C38A3426760630DDA5D7D1786
                                                                                                                                                                                                    SHA-256:DCAA12DB275B89BE28468D2C64809FE4D00A6884906AFAFCD56EF3A63608461C
                                                                                                                                                                                                    SHA-512:02D93B01874B412DE672C44BF4A180D5AAE559EBE5AE12122AB9AB980E6931224D4B5829DA239FFB335A02CFC99E11F046AC678390D81749ED4C0A3EE6328FB5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2...p.................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.KINITDATA_UNIQUE_ORIGIN:chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/..:REG:chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/.0.....4chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/.Dchrome-extension://memhbiihnoblfombkckdfmemihcnlihc/serviceWorker.js .(.0.8........@...Z.b.....trueh.h..h..h..h..p.x..............................REGID_TO_ORIGIN:04chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/..RES:0.0.....Dchrome-extension://memhbiihnoblfombkckdfmemihcnlihc/serviceWorker.js...."@C35D78C92FAC28E781BD741BF0320715A9F7746DCE391D69ADA8BCD3CF7ED6B6..URES:0..PRES:0J..................:REG:chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/.0.....4chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/.Dchrome-extension://memhbiihnoblfombkckdfmemihcnlihc/serviceWorker.js .(.0.8........@...Z.b.....trueh.h..h..h..h..p.x..
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):309
                                                                                                                                                                                                    Entropy (8bit):5.147322982311345
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:6D439945F90FFBB71AF29F49EB9135CF
                                                                                                                                                                                                    SHA1:16350D2CA849E7C1CB746231260E454E3D8CA27B
                                                                                                                                                                                                    SHA-256:F9D4387E717A12969C7E93852501A612D4CF05DBB2C93B57C6C288A4C72589F1
                                                                                                                                                                                                    SHA-512:856C393B5A0B8C4A98CAEFF43BA822F0555D32B53ABE0F8C67603A7E4303BE034DF0E74EB34FBC7F8E95F50E32E9EE76C50F9730CEABC1E50AB9F990B4B74118
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:47.557 9bc Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Service Worker\Database since it was missing..2024/11/11-16:03:47.584 9bc Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):33639
                                                                                                                                                                                                    Entropy (8bit):4.9018627190197925
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:1ED7B6756A84C5E20ABF485C51EC5B4D
                                                                                                                                                                                                    SHA1:1F28BFB8324907BA34316AC724044402B5FE0954
                                                                                                                                                                                                    SHA-256:76CA1E375613C05DEA2AEF614B909F4BF2B0136EEA2985DED476455B7773A955
                                                                                                                                                                                                    SHA-512:331F17895492CCC51373896F5078FEB678134C5DE94215A4468E5EE845E3D3262DD9EF2636235421BB389D9D95F834081A9EA576960E8629194B1A31AB539615
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m..........rSG.....0/******/ (() => { // webpackBootstrap./******/ ."use strict";./******/ .var __webpack_modules__ = ({../***/ 700:./***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {...// EXPORTS.__webpack_require__.d(__webpack_exports__, {. A: () => (/* binding */ Ads).});..// EXTERNAL MODULE: ./src/background/user.ts.var user = __webpack_require__(223);.// EXTERNAL MODULE: ./src/common/tabs.ts.var tabs = __webpack_require__(655);.// EXTERNAL MODULE: ./src/common/messages.ts.var messages = __webpack_require__(95);.;// CONCATENATED MODULE: ./src/background/spotlight.ts..const showSpotlight = async (adData, tabId)=>{. const tab = await (0,tabs/* getTab */.i)(tabId);. const tabWidth = tab.width ?? 0;. const tabHeight = tab.height ?? 0;. // Spotlight unit can fit into the screen. if (tabWidth <= adData.width || tabHeight <= adData.height) {. return;. }. // Tab is in focus. if (!tab.active) {. return;. }. await
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):42625
                                                                                                                                                                                                    Entropy (8bit):5.886418982364951
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:622B421778D4A312F9A6D7E82490CC97
                                                                                                                                                                                                    SHA1:13D4F6796B0ABFBB95BEEB224586C3FA9020F526
                                                                                                                                                                                                    SHA-256:C33700BB5C7C8EDAFA8591C4B881EE2E02A6A1D21FA637901F80503E6D0C4812
                                                                                                                                                                                                    SHA-512:98DB852D4BC29FA39D96986BCE622DA652684A321B560011F39A13F4824A7E55285200BD726F97ADC6027E46D3DF10CE460EE39458E9F23999C761D456C9E20C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m..........rSG.....0....&.2.........:....CGv......"K<R<. ............0T..4...`............a........`............q.`.....0T....`<.........a........`........<.`.....<Sb............. Rf.......__webpack_modules__..$Rg..._....__webpack_module_cache__. Rf.W".....__webpack_require__.b............I`....Da.........0T..h..`z........4a........`..........`......B`.....b..............B`....b............r8................1..../...........7...........1.../.........._..../.......`.....(Sb............,`....Da*........ ....d..........0..........H......PQ.L.'..D...chrome-extension://memhbiihnoblfombkckdfmemihcnlihc/serviceWorker.jsa........Db............D`........Y.`............0T......`...........`a........`..........`.q.`,....xSb.............RbR^.,....user..Rb..}.....tabs..Rc........messages..Re.J.?....showSpotlight.....Re...'....common_static.....Rd~.......REQUEST_URL...Rd"?.p....AD_FILL_URL...Re.Y.u....CONVERSION_URL... Rf&.M.....MAX_KEYWORDS_LENGTH...Rb6......Ads.i.......................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):72
                                                                                                                                                                                                    Entropy (8bit):3.4820790904273955
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:8EFC506CE8E0623F1AC5C9137E554AB3
                                                                                                                                                                                                    SHA1:32313DD622682C04C1C5B53698B47430E46084EF
                                                                                                                                                                                                    SHA-256:845055AFA1C01049146CCFFEFDB2D59912CA48455682EAB15E2A1C5E5D014207
                                                                                                                                                                                                    SHA-512:79F556952829989B0069D4F45A12B95B6EEF82FC960C7C5F9FF177B8137DAA94A18D12E3693B2B14A5018275385810E0DE092EE5AB380BA5C7D260559085AE03
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:@...p..Foy retne.............*...........X....,<........*......p+[.?./.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):170
                                                                                                                                                                                                    Entropy (8bit):4.859392233597476
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:69A4E654504885EEE333AD22E8E89FB3
                                                                                                                                                                                                    SHA1:32183CF99507DB17DFE5A0E66D3137925792F119
                                                                                                                                                                                                    SHA-256:47650131571C8C130A838435F08A2BBEE69BC3FC2FA5DB9EE24625021B409E23
                                                                                                                                                                                                    SHA-512:49717FCE739CAA71D724B081B017B791710B32901B3FB426F432EA50C6BCA4237B1B2CD04688BF6FC43C99B8B0F1B55D5289D9FC6C993A6B5173CAD9D716CEA4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:*...#................version.1..namespace-..&f.................qhf................next-map-id.1.Gnamespace-28db73ac_f7e4_47b3_a72e_990b792b2cb7-https://pdf.onestart.ai/.0
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):295
                                                                                                                                                                                                    Entropy (8bit):5.049938287844508
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:1F2BD2EC9C3247CDAAC411E7E32F5EB3
                                                                                                                                                                                                    SHA1:DEE395916561EC57D224BC2E34F5AB13CDA1C644
                                                                                                                                                                                                    SHA-256:C9C1E495E65AC5ECF6E3B20C0363837049916EDA0336EC4B0EB0631E6A201544
                                                                                                                                                                                                    SHA-512:546A853BBFE1000EA7304AF1543F9F42587947EA977BF6EC3A7801E6F643CB1DC8E9FD55EDB62662D1AE47F12F90E0C8C6C5406CF4682CFB648761AF856C8DE2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:36.713 1760 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Session Storage since it was missing..2024/11/11-16:03:36.971 1760 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Session Storage/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2654
                                                                                                                                                                                                    Entropy (8bit):3.2924944601876533
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:14CC283EDA7F264A20B47B4E97B92349
                                                                                                                                                                                                    SHA1:DBF26BC2276712F7D649AF54B333E62081B7016E
                                                                                                                                                                                                    SHA-256:F7B914C9DCFD0375BA2E4F6C7D84F58F31A59AEC5F6510E9829B800788C99E31
                                                                                                                                                                                                    SHA-512:76D4C1F737CBBC1AF5D3E9445641F9E356F378434DBCFD2E60F0F4C629762E183242848001135F4A883E926E91D06DD13382E91C3258F0FE8F14EDEC40DB8E2B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:SNSS.......^e.+...........^e.+...........^e.+...... ^e.+......._e.+......._e.+....!.._e.+...............................^e.+_e.+1..,..._e.+$...28db73ac_f7e4_47b3_a72e_990b792b2cb7...^e.+......._e.+.......?./....^e.+...^e.+....................5..0...^e.+&...{B73A861C-73E7-4C64-A13F-93691DFF4930}.... ^e.+.......^e.+.......................^e.+.........................._e.+....)..$..._e.+....$...https://pdf.onestart.ai/en/pdfeditor....|...x...!...p...................................................................................................;Qdo.&..<Qdo.&..........0...............(.......................................................P...$...h.t.t.p.s.:././.p.d.f...o.n.e.s.t.a.r.t...a.i./.e.n./.p.d.f.e.d.i.t.o.r.................................8.......0.......8....................................................................... .......................................................P...$...4.0.0.0.f.d.f.2.-.5.1.4.7.-.4.9.6.2.-.b.4.0.a.-.2.0.d.9.a.1.9.c.c.8.a.a.................P...
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:EC384A043F36B80EF2D9FDAED11CA75C
                                                                                                                                                                                                    SHA1:5B9EEA325DC20D96FD7FB70DE9F6C175F1F38B69
                                                                                                                                                                                                    SHA-256:57217A427FF6D4CF7A502C22AC939700D8071A599856B2A46CBBF3FEA7864D39
                                                                                                                                                                                                    SHA-512:24EEC7E314DE80FAA6227620ADA0DD8543A4A3BFCA370506B4E72E310956EB4FC7CA9FFC10AE55ED8F1A19AFBE21A2E3CBD45E1D6B87647ACE48452F7B5B4EEE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:(......oy retne........................&S..?./.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:EC384A043F36B80EF2D9FDAED11CA75C
                                                                                                                                                                                                    SHA1:5B9EEA325DC20D96FD7FB70DE9F6C175F1F38B69
                                                                                                                                                                                                    SHA-256:57217A427FF6D4CF7A502C22AC939700D8071A599856B2A46CBBF3FEA7864D39
                                                                                                                                                                                                    SHA-512:24EEC7E314DE80FAA6227620ADA0DD8543A4A3BFCA370506B4E72E310956EB4FC7CA9FFC10AE55ED8F1A19AFBE21A2E3CBD45E1D6B87647ACE48452F7B5B4EEE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:(......oy retne........................&S..?./.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 2, database pages 11, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):45056
                                                                                                                                                                                                    Entropy (8bit):0.42922658759693877
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:358D089087AA109E41F38DDDA1FF8368
                                                                                                                                                                                                    SHA1:42F68E8E7C6806485AAB068AD2EF9D8992FE3867
                                                                                                                                                                                                    SHA-256:E1EA1994A9C238120944C0009B25C9B75C3B8ACB5CC137A78CD4A8450C809130
                                                                                                                                                                                                    SHA-512:4630EBA964CE1DCCFBB8663F04141C91FF0A3CEE399621637BDEF17C696735316DA23A5BF6F7235B9616005652D175E276E83C8ACA5F99F9F3B4D9C713818553
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                                                    Entropy (8bit):0.0905602561507182
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:B016510815CFC2BCD2E04D07A0D4CF80
                                                                                                                                                                                                    SHA1:8B67DFF3DEBD7898315D5051C1CA791E3EC9E25F
                                                                                                                                                                                                    SHA-256:02E374A9C1AFDD0D65F515922C3343CD3EA5CC8CCEA04D9F026A9406AF752B55
                                                                                                                                                                                                    SHA-512:5AF6956CC960770D5651B19096A0F55143CAC4FE79F76054042180E9EBBB322A9B1A29DC4FBBB8C12BD8708BB2AF67C8B4280B70B0D1192021FD8D423333344B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................v.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite Rollback Journal
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                    Entropy (8bit):0.28499812076190567
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:4BD303AE4B14A6BAF4295E8D1D1B33BE
                                                                                                                                                                                                    SHA1:86D306A22AEE3FDFD2E024D6992F5C3EEF8DC455
                                                                                                                                                                                                    SHA-256:EB798268635B7AEA32C475F5DB0F1D7C996E7A2A3FB1556E96AAE11822B56C0C
                                                                                                                                                                                                    SHA-512:F444AAD574E4B8864979FB7EFD463BFAE041DF5C9DBC5832C91CE9C41F6F843311781C1192BE06769A26A0985360BBB4AE5337D55548C928FCF2F7324FF3849B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):0.44175530836674604
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:1280B6A34A85985CD99595B263B4C34E
                                                                                                                                                                                                    SHA1:98B01FE4669D85B1782647E116D7C1515939F924
                                                                                                                                                                                                    SHA-256:69EBF9B3A2AAF0BE0FC621EBA4BB5ED2873E1EF20C96BFD9C5059CE3FEAE0C80
                                                                                                                                                                                                    SHA-512:9595A631DFCBFB7CF221799C61D2D255EE2C8848DBE47895CA7BD55C80A75E7387A6909D34520ED40BA62BDE781F5D02F60AF37BF29964E977F8FB4062B2FA40
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                    Entropy (8bit):3.473726825238924
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:148079685E25097536785F4536AF014B
                                                                                                                                                                                                    SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                                                                                                                                                                    SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                                                                                                                                                                    SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.On.!................database_metadata.1
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):321
                                                                                                                                                                                                    Entropy (8bit):4.9723945556171385
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:A2018421BF0108FD608F9B1E440D9C74
                                                                                                                                                                                                    SHA1:DCE166DE4A1116F6D3E7AFD453604610A9008E7D
                                                                                                                                                                                                    SHA-256:2D780F19FD73383D3A88E233627DD7FFA4BF0146D26D0CA0D2D6D09633250810
                                                                                                                                                                                                    SHA-512:A55BD00A30EAB1054E321DA88748427C37D733EF28BDC75C92B61B4EDC27B2FC5D568641C12D7A27611A73B1D5311A493767021726930AB90992DB6330D6F912
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:34.032 414 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Site Characteristics Database since it was missing..2024/11/11-16:03:34.472 414 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Site Characteristics Database/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):46
                                                                                                                                                                                                    Entropy (8bit):4.019797536844534
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                                                                                    SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                                                                                    SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                                                                                    SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:...n'................_mts_schema_descriptor...
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):299
                                                                                                                                                                                                    Entropy (8bit):5.1283758329156655
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:6F0D7F3B276EC1AEBF827A28A00E5BB9
                                                                                                                                                                                                    SHA1:0DCD993FA063D7DF66F015F110D942AD8BBD98CC
                                                                                                                                                                                                    SHA-256:9CA607D839102C2FA696E147BC181AC4AC5275F2B38CA2AD01183F4381F85A21
                                                                                                                                                                                                    SHA-512:9208E2871C151EE37D38BB1809544B96236CC6943318F092AB27CDBE678557F9AFFDD20BDF8661813BF608BE3511003624C531D026B252929164679814049EC0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:34.005 1b94 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Sync Data\LevelDB since it was missing..2024/11/11-16:03:34.434 1b94 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):0.37183843434873126
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:220CEEE1D8619A3D13CF2358135AAFDA
                                                                                                                                                                                                    SHA1:F98AEF3776F9D095F55B0068516AF5D7ADC00C74
                                                                                                                                                                                                    SHA-256:C05858C15EC3E96A46FD3FB9139BE18C22373970028A3688EE2AE406D18D7F41
                                                                                                                                                                                                    SHA-512:6EB60475C046B6317C2C8AFCABA86EBF321D68ECFF10E870C8CE0C3AB0B0648B956A45F0C118B335A6799939AF55EDF29471F37247751C4DC77A7420AD0CE2F4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):131072
                                                                                                                                                                                                    Entropy (8bit):0.012052291231245566
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:FA70BBEA9E214579CAFFC4FC9438CB70
                                                                                                                                                                                                    SHA1:0A21C2C5ABC49DF5984E278A041F727245AF4D02
                                                                                                                                                                                                    SHA-256:56B8C0D4928199119467FC03F0C3B69F430C9C25D23D13D55FC976935315BEA5
                                                                                                                                                                                                    SHA-512:66C6AD401242E29CD209EF4FA393875185E6E32D8AD39710A52AC1EC7D2EC338F9B75098D654D1BCC0FAD2FE5E1F59F7AEFCFCF150DF6994ACB8E1451F5563C5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 3, database pages 63, cookie 0x26, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):129024
                                                                                                                                                                                                    Entropy (8bit):1.1344690588734954
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:F75E87D9C4C544D60A633F2F754F7D24
                                                                                                                                                                                                    SHA1:49FB4E0ADCFEF6957E775CB0702A81EE3EA0A7CF
                                                                                                                                                                                                    SHA-256:CA0B352C96F324340460210EAE1C16653E1981FC76203587C73EB54A38823F4E
                                                                                                                                                                                                    SHA-512:CCAAF6F0ED37C3AB1A28A7E2ED7CB45EDFAF1BFCBF9F4886F336072F1F86C4D927FC72610447588C06774BC4E1F82AFBBB76AE556F24D550D1B9B520CED08EDB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                    Entropy (8bit):0.49199360120005886
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:BA7A950898384C303C64E938D21C36ED
                                                                                                                                                                                                    SHA1:A95DA1EC34AE4A51F3FDAEDA40D1DCD98AE4D31C
                                                                                                                                                                                                    SHA-256:0B15D3C2D3BA8B7FEF631D94C4A96070825FD3E5932B94D13A7E58BBCD46BF64
                                                                                                                                                                                                    SHA-512:36820F92762F802F2071574221A27E97B8CB3344991DA46E20FC401EEC5A3F170EADA54D74132A3AFEB1C91FFD7E2B50D0E0CE761C57BF66C895056F45E4EEBD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9602
                                                                                                                                                                                                    Entropy (8bit):5.191400954115965
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:B919A8BD5D5F496BDC004405A9BE0C21
                                                                                                                                                                                                    SHA1:1AA125564A34D9C9F0B6AC14D958CA3B544CE144
                                                                                                                                                                                                    SHA-256:82F1307C089CE9690AF198E200E50ED595C92DB14ADE4023890850FD7FC9DD8B
                                                                                                                                                                                                    SHA-512:0E918C0422F243DE910ED8F0D8FB66DFE9F09E08F03A7DB6A4EC18B3B64C966D935B5946B28139AF507BCAD1EAB789D8D46D036881D85EA27A03DBFEC63AC894
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"account_tracker_service_last_update":"13375832614726758","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13375832614033569","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":126},"autofill":{"last_version_deduped":126},"browser":{"has_seen_welcome_page":false,"window_placement":{"bottom":1030,"left":10,"maximized":false,"right":955,"top":10}},"countryid_at_install":18242,"default_apps_install_state":3,"default_search_provider":{"synced_guid":"04e7a9fa-708c-43d3-93ee-3a398fe03efc"},"domain_diversity":{"last_reporting_timestamp":"13375832614804418"},"enterprise_profile_guid":"8a10d777-beef-47bf-a134-388ece7a6db6","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"126.0.6478.128"},"first_run_tabs":["https://pdf.onestart.ai/en/pdfeditor"],"gaia_cookie":{"changed_time":1731359018.420876,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"ga
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):167109
                                                                                                                                                                                                    Entropy (8bit):5.081780452241832
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                                    SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                                    SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                                    SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9710
                                                                                                                                                                                                    Entropy (8bit):5.191350472418536
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:0AC576E172F06B671CBDF44BFB52CB59
                                                                                                                                                                                                    SHA1:0C5C981E1BCC6827AA2DE6E7217FDE3F3BEEB332
                                                                                                                                                                                                    SHA-256:DEB90D3466613F4DA4FFC2F82E77B58E528842E2F881F3E0CADC7D1EF4010711
                                                                                                                                                                                                    SHA-512:1A26FC5B4E33819C02E28CC9E7890DADCEFCC699E22E67C2BF460BA2181342C71C9244C8A378DAC1E83064FAC9F1C031856FDA24B8C197E68F2EA0EA5C56F5B1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"account_tracker_service_last_update":"13375832614726758","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13375832614033569","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":126},"autofill":{"last_version_deduped":126},"browser":{"has_seen_welcome_page":false,"window_placement":{"bottom":1030,"left":10,"maximized":false,"right":955,"top":10}},"countryid_at_install":18242,"default_apps_install_state":3,"default_search_provider":{"synced_guid":"04e7a9fa-708c-43d3-93ee-3a398fe03efc"},"domain_diversity":{"last_reporting_timestamp":"13375832614804418"},"enterprise_profile_guid":"8a10d777-beef-47bf-a134-388ece7a6db6","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"126.0.6478.128"},"first_run_tabs":["https://pdf.onestart.ai/en/pdfeditor"],"gaia_cookie":{"changed_time":1731359018.420876,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"ga
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6205
                                                                                                                                                                                                    Entropy (8bit):5.519802963036763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:379FE834FC4B0B93ECDA8039FA3D079E
                                                                                                                                                                                                    SHA1:149AE2D6AE935FE9C756B7FD0073474D7E9D5DA9
                                                                                                                                                                                                    SHA-256:52D7AC9ABA4D9C953EE15DE01D36AF64C6C6EF187519EB9A94C755F5A1B0E7BE
                                                                                                                                                                                                    SHA-512:07F248DF1087F0B9C4087CA81E59CEE81A758789B0859D39ED7B4586A62E5990EBD0E8278395D000E56525258D32C25D3CBF897BCF8C48B6C434543FDCA6DDC9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"default_search_provider_data":{"template_url_data":{"alternate_urls":["https://onestart.ai/chr/search?iid=d1b005fc-9638-4680-912d-46fbd5b0c6ec&q={searchTerms}"],"choice_location":3,"contextual_search_url":"","created_by_policy":1,"created_from_play_api":false,"date_created":"13375832616701024","doodle_url":"","enforced_by_policy":true,"favicon_url":"","featured_by_policy":false,"id":"11","image_search_branding_label":"","image_translate_source_language_param_key":"","image_translate_target_language_param_key":"","image_translate_url":"","image_url":"","image_url_post_params":"","input_encodings":[],"is_active":1,"keyword":"onestart.ai","last_modified":"13375832616701024","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","preconnect_to_search_url":false,"prefetch_likely_navigations":false,"prepopulate_id":0,"safe_for_autoreplace":false,"search_intent_params":[],"search_url_post_params":"","short_name":"OneStart","side_image_search_param":"","side_search_param":"",
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9341
                                                                                                                                                                                                    Entropy (8bit):5.186227042529536
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:6E87DF47765616FC0700C79BD3535028
                                                                                                                                                                                                    SHA1:4E22827A661B265599AE49226959D53300B099EA
                                                                                                                                                                                                    SHA-256:998F00F7EED5F6991B0D789A75073DBFC7BD04095C0A359B2B08EC81CB9AA163
                                                                                                                                                                                                    SHA-512:50EFE70DB35041367AAEA29BB16DA44D5AF68ADE8AB02B937B6EB3C61CDB23A9D931892E0C8B699C2D62B5AAC2DD48DEF8205423097A194232587D3A478638C3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"account_tracker_service_last_update":"13375832614726758","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13375832614033569","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":126},"autofill":{"last_version_deduped":126},"browser":{"has_seen_welcome_page":false,"window_placement":{"bottom":1030,"left":10,"maximized":true,"right":955,"top":10}},"countryid_at_install":18242,"default_apps_install_state":3,"default_search_provider":{"synced_guid":"04e7a9fa-708c-43d3-93ee-3a398fe03efc"},"domain_diversity":{"last_reporting_timestamp":"13375832614804418"},"enterprise_profile_guid":"8a10d777-beef-47bf-a134-388ece7a6db6","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"126.0.6478.128"},"first_run_tabs":["https://pdf.onestart.ai/en/pdfeditor"],"gaia_cookie":{"changed_time":1731359018.420876,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gai
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8460
                                                                                                                                                                                                    Entropy (8bit):5.543904996287815
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:82337EFBCD5EF12EB9BCCB0B848906B0
                                                                                                                                                                                                    SHA1:C394F4FDDF5E6E96C6A911B1CAE7F8FAF518BB63
                                                                                                                                                                                                    SHA-256:F31D3745A9B70B1B066F9F611F70145E493B60EFCA2078789D575E5F600F4859
                                                                                                                                                                                                    SHA-512:B8A0966203C1C9014BB1878E56EFC4185AFC3E5FE11CF02A4D9A99B7BA70405A268C87FA322BB245073B258514EF3AD878231CCDBB3B3FBCFC482C237D680F1B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"default_search_provider_data":{"template_url_data":{"alternate_urls":["https://onestart.ai/chr/search?iid=d1b005fc-9638-4680-912d-46fbd5b0c6ec&q={searchTerms}"],"choice_location":3,"contextual_search_url":"","created_by_policy":1,"created_from_play_api":false,"date_created":"13375832616701024","doodle_url":"","enforced_by_policy":true,"favicon_url":"","featured_by_policy":false,"id":"11","image_search_branding_label":"","image_translate_source_language_param_key":"","image_translate_target_language_param_key":"","image_translate_url":"","image_url":"","image_url_post_params":"","input_encodings":[],"is_active":1,"keyword":"onestart.ai","last_modified":"13375832616701024","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","preconnect_to_search_url":false,"prefetch_likely_navigations":false,"prepopulate_id":0,"safe_for_autoreplace":false,"search_intent_params":[],"search_url_post_params":"","short_name":"OneStart","side_image_search_param":"","side_search_param":"",
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):167109
                                                                                                                                                                                                    Entropy (8bit):5.081780452241832
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:70E5D4E286C45331931C22DBF5B15A9B
                                                                                                                                                                                                    SHA1:BB4DBEE62F4410666033D8BBF658227C80A3AD9A
                                                                                                                                                                                                    SHA-256:6FD93AA2E71AE66DF17C2E84E719D27DF69762375894522D80C95D7C82393793
                                                                                                                                                                                                    SHA-512:BB3931D23042265B7F9C0E4F35470FED8E3279CF677AA7B98DDCF19E110E1EA61B36778890B322BD0FA111023F6097CF4DFE185CF54C89A8E5B2AC3FF5283913
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16384
                                                                                                                                                                                                    Entropy (8bit):0.3519250993311556
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:56B9706A81A233EDFA726B351E150636
                                                                                                                                                                                                    SHA1:01FC2783EB2F7E6B8B83374C826859DE45F87D6E
                                                                                                                                                                                                    SHA-256:C65C6AD07BB139ADCD7450FC0D107D18D8CB538A068707283C7676F31BB8E385
                                                                                                                                                                                                    SHA-512:CD9333F2104E32463ACFFB1D54FB162CA6577C4C163DC441A492B8A8A929090C40046321F901F16CD669095C56AD6670241E87168AB36498451A8CE09A769614
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7872
                                                                                                                                                                                                    Entropy (8bit):6.638445430081504
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:0912B3FB75FFB52530A8AE0F5EFB7C21
                                                                                                                                                                                                    SHA1:F7034FDD70CE873FF202ED0592E264603CEB949C
                                                                                                                                                                                                    SHA-256:7ADCE6A4FED2F983AB0EF0D69F2DB78F4457FD329710B37FD461DD5203264449
                                                                                                                                                                                                    SHA-512:811DEAE7DDB72821EA03BE57FEFA840AC6C8D835F2C9306CDE0ED415FF59948F51F68A09B956AF922DD3CE4464DFAA73E537274E6058C520C27E045DDE3AA88A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.f.5..................)................41_https://www.example.com/.....................37_DEFAULT_16v...h.... .(.0.R*.(....Session.TotalDuration.T<.A..GO .(.0.../.'.%....?..ChromeLowUserEngagement..Other...... .(....10...g..................37_DEFAULT_21........... .(.0.RZ.X...CCommerce.PriceDrops.ActiveTabNavigationComplete.IsProductDetailPage.w.cG$.. .(.0.8.R9.7...$Autofill_PolledCreditCardSuggestions...c..vP. .(.0...$........?..ShoppingUser..Other...... .(....10.... ................37_DEFAULT_23........... .(.0.RH.F...1Omnibox.SuggestionUsed.ClientSummarizedResultType.q/.v.g:` .(.0.8.Ra._.DSELECT COUNT(id) FROM metrics WHERE metric_hash = '64BD7CCE5A95BF00'......................dh...8.0........?..Low......@..Medium......A..High..None...... .(....10....M.................37_DEFAULT_27........... .(.0.R=.;...."%..wait_for_device_info_in_seconds..60*.SyncDeviceInfoh.p...t.r.p....AndroidPhone..IosPhoneChrome..AndroidTablet..IosTablet..Desktop..Other..SyncedAndFirstDevice..NotSynced..
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):293
                                                                                                                                                                                                    Entropy (8bit):5.171253751705842
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:9F1A5AB5D0B94BA57E87DB280624F916
                                                                                                                                                                                                    SHA1:6C55956B668139973E14AAE731F995F7B0BA166C
                                                                                                                                                                                                    SHA-256:AA2BC1D4E26E554CD8C21F559AC252FBAF972970E43D4DE025D36C6644A78E01
                                                                                                                                                                                                    SHA-512:1381B705A35A88FD178D1B90B55121B44A1860C14D95B4BECB5108A8ED9886C599069E6270A00005F93FD56D715AD7777F12E35C681C4FEAFE0E3946E0368F71
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:34.892 9a0 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\shared_proto_db since it was missing..2024/11/11-16:03:35.351 9a0 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1048
                                                                                                                                                                                                    Entropy (8bit):3.932914804491949
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:AB7F95E8A2F621F1FE2183CF1D8A0211
                                                                                                                                                                                                    SHA1:452D5DA8C096BBCB8C09299067B0565CCA769E4B
                                                                                                                                                                                                    SHA-256:82F90C8D16BE24DAE65D769B90C062F0269E9D27D8574509774A5EB209B78A0E
                                                                                                                                                                                                    SHA-512:EF408B6B2BE140C379744C2FEE6CA7FD35775F414776773AE891C81A13128B54579CC40223DDD66F8278ABDFB1839431D29242A43952338A9167660C15BF9035
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.h.6.................__global... .t...................__global... .y..H.................50_..........................44_.....|G...................49_....../@..................48_.......N..................33_.....$0 ..................41_.......5..................21_.....{.w..................32_.....'}2..................37_.......c..................38_......i...................39_......cZy.................50_...../....................44_......8..................49_.......-8.................48_.......C.................21_......8...................33_......$9..................41_.....n....................32_......@o..................37_.....n5._.................38_.....LZa..................39_.......LL.................20_..........................19_.......n..................9_.....TN...................3_.....{-%z.................4_.....L..D.................18_.....2}./.................20_......g.9... .............19_........L...!.............3_.......g....".............9_.....y......#.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):311
                                                                                                                                                                                                    Entropy (8bit):5.135872913754218
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:9FFC4DF20D655A465B1275FADEB40819
                                                                                                                                                                                                    SHA1:4FB9102D7CB12E4C5621BEDCE0851A8EFC37DD8F
                                                                                                                                                                                                    SHA-256:50D387D7F07C5E55E2BE35577C3B391F9FC21310668E03DE032424F26BF01CBF
                                                                                                                                                                                                    SHA-512:324D3C312E15252FDF4D38CE05E2C6F11325B993A835C12773BC6F2891D2EFE92F6A25A708DAF58A0B70A8232481321C90062E058915A8A4FA337D347240F7DB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:2024/11/11-16:03:34.357 9a0 Creating DB C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\shared_proto_db\metadata since it was missing..2024/11/11-16:03:34.708 9a0 Reusing MANIFEST C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38
                                                                                                                                                                                                    Entropy (8bit):4.023471592049354
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:3433CCF3E03FC35B634CD0627833B0AD
                                                                                                                                                                                                    SHA1:789A43382E88905D6EB739ADA3A8BA8C479EDE02
                                                                                                                                                                                                    SHA-256:F7D5893372EDAA08377CB270A99842A9C758B447B7B57C52A7B1158C0C202E6D
                                                                                                                                                                                                    SHA-512:21A29F0EF89FEC310701DCAD191EA4AB670EDC0FC161496F7542F707B5B9CE619EB8B709A52073052B0F705D657E03A45BE7560C80909E92AE7D5939CE688E9C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:..... 2a68348c2ca0c50ad315d43d90f5a986
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                    Entropy (8bit):0.006074957759105921
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:F21C12F1F6485227DEC6F98A7F6A2DB1
                                                                                                                                                                                                    SHA1:4E23D45FFA53741E1C2A5A9202714349806A828A
                                                                                                                                                                                                    SHA-256:66DBFFDF54240971C86C9AB8B3D6555E193CB8FE5D5D75869D809D79AD78B210
                                                                                                                                                                                                    SHA-512:FA8E29702E5D822771D059CBA3DC7C99149C79A6FFBC8091F620504B9AB3680F722F0FC2FE0B912F44A116C9DEBE1549F105794B82D20824EA3CC9A0829C489B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:...@..@...@.....C.].....@...............`...................`... ...i.y.........BrowserMetrics......i.y..Yd.........A.......d...2......._.z.....Gy.7....................Gy.7....................UMA.PersistentAllocator.EarlyHistograms.BrowserMetrics......i.y.["......................................................................................................................... ..."...$...&...(...*...-...0...3...6...9...<...@...D...H...L...P...U...Z..._...d...............i.y..Yd........A...............`...v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.3....................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):45056
                                                                                                                                                                                                    Entropy (8bit):0.1114798322985277
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:8851B70BB4AD30B52864387AB4D6D552
                                                                                                                                                                                                    SHA1:7E309A8538985E36902AC4018663D32FA01C226B
                                                                                                                                                                                                    SHA-256:B9E5378A3F931FFF33E2F0BF82251F0C48EA30585C8C1C1593F198299E75B150
                                                                                                                                                                                                    SHA-512:74B4A21A80AAE12DC168EE4626E59781581A511A777A0A497B1B48613FB12842F8F6F0B0A0AF1C3A1F8279AEC1BFE12EF2796A92C3C2497CB68F9D79D4F21676
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):0.21505942694402772
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:1EA73A239929094F03692864DFE7DE99
                                                                                                                                                                                                    SHA1:B7FF1D578C8F6FBA45057F8C1F5F4094C485AFC7
                                                                                                                                                                                                    SHA-256:166E41DD3EEC1022ECAB8A3E71CB0ED192FEF606C32FAC85D3CB06289333B097
                                                                                                                                                                                                    SHA-512:C353DFD4192AE6B3F913A94959676CC656CD8A9D3AF83F5589F2D219A0B127A9BCDC20EDB4CD55B4391DF069DC209E75CAE3C297B9845D38CE1E0AC0D7BC1CAE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4202496
                                                                                                                                                                                                    Entropy (8bit):0.24115600334456874
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:2FCD8242C605AD389058A4B7FCF61C7C
                                                                                                                                                                                                    SHA1:D1EA5DA85F02A4B7429F3B7DDF8EA399DEA08BD8
                                                                                                                                                                                                    SHA-256:DBFD03BB3A1634D2BA49A48E22CA0584A44AFB19F693897054156833ABDE1538
                                                                                                                                                                                                    SHA-512:77628B23032F59C409F43A6497A43B046652C402C5B0FDBE2AF8EB315F567D54ADC457CA312F4F18E5213BAB1087EF6EDA1177D445FC0A16296E2514CB75A76A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16908
                                                                                                                                                                                                    Entropy (8bit):4.65489731873544
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:B7313727AF2A46FD570F026ED90FB04B
                                                                                                                                                                                                    SHA1:086C59F8D54F606291A68D97C67382C5DBE91A94
                                                                                                                                                                                                    SHA-256:E30EFADB2334335DB91DAC814F62F55321BF91D7139A44E703F8A9B73560B7E8
                                                                                                                                                                                                    SHA-512:C49CF22F383667C11C48126574B671838F7C514752C2A6B64EB30C6DCF187637A159E7949F2C7A30D74C5AC36319F814B364BA74F10A2FC1F150D2F42FE86277
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:....BPLG.........A..6412bd14b81dfa25...._...d.......ANGLE (Intel, Intel(R) UHD Graphics 630 (0x00003E98) Direct3D11 vs_5_0 ps_5_0, D3D11-27.20.100.9415)........................................................................................................................................................................,...............,.......................position........_upositionP.......................color........_ucolorR.......................localCoord........_ulocalCoordP..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:F72AA60AE5623DBE67FC0D3E16F2A68F
                                                                                                                                                                                                    SHA1:4184893D908469554846E90F2C9D4134973989C4
                                                                                                                                                                                                    SHA-256:BF19CFFAF9942620DD6A97AB52D1EF26140C688D532BEDA6AB4B887B34B7B80F
                                                                                                                                                                                                    SHA-512:3B5798D5857C5367D4343398CF2632AAD778DACC7244C73E4B582BA13E587CD95ACA59E8ED91A277831F458DAF408C1FBA25FFDFC4B0361ACC59105DD120825A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:93F152681A834EC328B9959ED5FA5BA5
                                                                                                                                                                                                    SHA1:F59E77EA7017B9231BF56DCB468B3BA5DAD7AAF2
                                                                                                                                                                                                    SHA-256:719B60FDA2926D33BAC227162B49DEF22E4C98DCCBEC4074D8F7FE7EB3A26705
                                                                                                                                                                                                    SHA-512:7CA1FADBDED5E7092D8ADCA99BF41ABC5DCF085F29520AFBDBFA7C96359EC60B06AFA7F7214CE156160DD15B5E61BFB288F5D2CD8989134BF785963163E962B5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):150
                                                                                                                                                                                                    Entropy (8bit):3.0972865117126833
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D69FCF0BD73E0484E01346D2477CCD25
                                                                                                                                                                                                    SHA1:299E5D398639F49D5FC60D65B72FB69786571506
                                                                                                                                                                                                    SHA-256:1FD9F12139BA7F09B3FF97C3AC193424E83481475B1506D20ACAA72819859FC7
                                                                                                                                                                                                    SHA-512:8ED8FA8D6F650A5A662FD4D7999F8B79C48C6000F5FE49A48CD8F9D247C273C802BEC39A95AAA3B5358B8BB163F06A9A9B799FD7579204823935F83FCCA8DB31
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.S.t.a.r.t...a.i.\.O.n.e.S.t.a.r.t.\.A.p.p.l.i.c.a.t.i.o.n.\.o.n.e.s.t.a.r.t...e.x.e.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14
                                                                                                                                                                                                    Entropy (8bit):2.8962915290459286
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:32847B34A56745F3FD744AF836C60611
                                                                                                                                                                                                    SHA1:848B5728471909DE049FB98090AB38CFDFFB27E2
                                                                                                                                                                                                    SHA-256:89CDFDAE394AEEC06E1E0522D14BAE6EFE302BFE9B4E254D5850182C44239DDC
                                                                                                                                                                                                    SHA-512:DA5227888A7354EC42CCCFAC9FC2FBF5C88E58EA30BD50AB9559FA2F330B8A8501637497962071C8DC895E47F3CDA3874F17C0B3F808FF99DB0A611DB3B889BC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:126.0.6478.128
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):847
                                                                                                                                                                                                    Entropy (8bit):5.697187066173804
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:B80C39824CB09C3837A000F734B6C1E2
                                                                                                                                                                                                    SHA1:A38D654BBEF2B412E001AB98C4E7C87E73C43267
                                                                                                                                                                                                    SHA-256:6BD7920879BBCE4C9ED655539BBF9C8696B8463711954DBF35013EEE8D44504D
                                                                                                                                                                                                    SHA-512:A277F52053D8DE062079E200F523B688ED3B16CDAE77D2606B6F196696DF85D72EFDFCC0EA9444ABE94240BD1CB946B5FBB5CA1337322B5E62E614819B018BFF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA6vxecm76BQJWKOsxqFV2AEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAEAACAAAACGT/IPUVT3uDSRlwTlCYPZMNHOwbXY17bEdaK9jW+tXgAAAAAOgAAAAAIAACAAAAAtk1ITrL6jOoBsDm5DD7/BF+TKKpB5SYzxYdGihL9LTjAAAABLcEUtWUKqcj5DsMzj/kdNp7rCV2Cnald9rrW2t0CKAxSH156941wGAiR1MYn5BcJAAAAAn7P2dArObGUwSCVXOFMYWCzdILsPH4nRgnNA4h2AuZfjysFIbowFQzSgPbVPgn7WL45OT/0I0iP3rCWVCH605w=="},"uninstall_metrics":{"installation_date2":"1731359012"},"user_experience_metrics":{"limited_entropy_randomization_source":"7CC9B44F753248B8A0AB92E136524DF1","low_entropy_source3":5184,"pseudo_low_entropy_source":6392,"stability":{"browser_last_live_timestamp":"13375832612703205"}},"variations_limited_entropy_synthetic_trial_seed_v2":"24"}
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:C6820222E5B9B358326FED1538FD07FA
                                                                                                                                                                                                    SHA1:343449C0EADBF3D8389712228DBF7121236B4080
                                                                                                                                                                                                    SHA-256:7801406FF4D8DC15953F3CEB11FF7741F8EBE2B1639743A9159DE397BDCE4A1D
                                                                                                                                                                                                    SHA-512:CE885FAFF497A63BC2DB83D1A884894C38D8AAA04C18C575A6842E9C8E0D7BA67AFD33D7D02B8A0638050299C58D8E28131333A275BEC9E57798FFC608458DAF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):86
                                                                                                                                                                                                    Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                                                                    SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                                                                    SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                                                                    SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3633
                                                                                                                                                                                                    Entropy (8bit):5.40845533829483
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:A75D16A81E8226901D47BEFCEB3B6C0B
                                                                                                                                                                                                    SHA1:82D2B3D01C4B93214F5BFA3DBD06D07F5082411B
                                                                                                                                                                                                    SHA-256:BFC4FF0F0542D1B3E2D5FD332426A6AD04DEABC29F3E5A450EA11DFB6858E811
                                                                                                                                                                                                    SHA-512:DB86C4C53CC2144004606703677E3B6F5A06B4BAB3E68EE6A69DAB5DCE8F49A8708100C81B993A84D61D6AF9C9F5367AA9FA3E5A2DE562DB82E25DB9A46A1F11
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"background_mode":{"enabled":true},"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"breadcrumbs":{"enabled":false,"enabled_time":"13375832613371648"},"browser":{"first_run_finished":true,"shortcut_migration_version":"126.0.6478.128"},"check_updates_on_startup":{"enabled":true},"hardware_acceleration_mode_previous":true,"keep_app_up_to_date":{"enabled":true},"launch_browser_on_startup":{"enabled":true},"launch_browser_on_wake":{"enabled":true},"launch_dock_on_startup":{"enabled":true},"legacy":{"profile":{"name":{"migrated":true}}},"local":{"password_hash_data_list":[]},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"optimization_guide":{"model_store_metadata":{}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA6vxecm76BQJWKOsxqFV2AEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAEAACAAAACGT/IPUVT3uDSRlwTlCYPZMNHOwbXY17bEdaK9jW+tXgAAAAAOgAAAAAIAACAAAAAtk1ITrL6jOoBsDm5DD7/BF+TKKpB5SYzxYdGihL9LTjAAA
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3521
                                                                                                                                                                                                    Entropy (8bit):5.397515614686763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:FAEEDC19BAF6A1C8A94C6457E22CE670
                                                                                                                                                                                                    SHA1:C46CEA6D0B1DFF7EDB2A597E4EB32FFC3AD33807
                                                                                                                                                                                                    SHA-256:69563DF93A39FD388910444B37C55C122476C0679FD613DF0FC2157D1C0EA01F
                                                                                                                                                                                                    SHA-512:3A93BA485D01F637C5DA85193DB7E3F70BA59132DE9ED1921B18FD9992FDCE9602BF9E9B83D989A8020D7EE241A1CA06D7E1087C74BB1EAB50A7E6645CF37E2F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{"background_mode":{"enabled":true},"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"breadcrumbs":{"enabled":false,"enabled_time":"13375832613371648"},"browser":{"first_run_finished":true,"shortcut_migration_version":"126.0.6478.128"},"check_updates_on_startup":{"enabled":true},"hardware_acceleration_mode_previous":true,"keep_app_up_to_date":{"enabled":true},"launch_browser_on_startup":{"enabled":true},"launch_browser_on_wake":{"enabled":true},"launch_dock_on_startup":{"enabled":true},"legacy":{"profile":{"name":{"migrated":true}}},"local":{"password_hash_data_list":[]},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"optimization_guide":{"model_store_metadata":{}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA6vxecm76BQJWKOsxqFV2AEAAAABIAAABPAG4AZQBTAHQAYQByAHQAAAAQZgAAAAEAACAAAACGT/IPUVT3uDSRlwTlCYPZMNHOwbXY17bEdaK9jW+tXgAAAAAOgAAAAAIAACAAAAAtk1ITrL6jOoBsDm5DD7/BF+TKKpB5SYzxYdGihL9LTjAAA
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14507539
                                                                                                                                                                                                    Entropy (8bit):7.999857010958995
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:3DB950B4014A955D2142621AAEECD826
                                                                                                                                                                                                    SHA1:C2B728B05BC34B43D82379AC4CE6BDAE77D27C51
                                                                                                                                                                                                    SHA-256:567F5DF81EA0C9BDCFB7221F0EA091893150F8C16E3012E4F0314BA3D43F1632
                                                                                                                                                                                                    SHA-512:03105DCF804E4713B6ED7C281AD0343AC6D6EB2AED57A897C6A09515A8C7F3E06B344563E224365DC9159CFD8ED3EF665D6AEC18CC07AAAD66EED0DC4957DDE3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 1, database pages 12, cookie 0xa, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                                                    Entropy (8bit):0.5160159945805083
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:E52D9864A92D73CABB391DF745E79D60
                                                                                                                                                                                                    SHA1:ACCA54C8968C914D08821D88B3EF925AD084F8E3
                                                                                                                                                                                                    SHA-256:72294439EA999709AE9574292116846BF946D640FDE793E49DEEC4A2B3A23BB9
                                                                                                                                                                                                    SHA-512:FE4ED62A668EE3BE1A9208E9D17A9B57B784C8F63ED47B6DA6282DE71C8415788B65A869F5938C3BD18AD945AE49FEB32E45D38059B17F00296F8AB2330A2065
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 11, database pages 12, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                                                    Entropy (8bit):0.37323556012560016
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:42EB168DADB65F1AC131D6E678182F3F
                                                                                                                                                                                                    SHA1:004347069BF5FEC235A546BE1720EEFE12B16F2C
                                                                                                                                                                                                    SHA-256:E04BD28B7A9AFA16B8A696E811E8A085AD3CC7D6FCC67AB48B4CB4D5CA656089
                                                                                                                                                                                                    SHA-512:BC7BB1E558B429C6294558CDAF51926794EA04F4940E4564CDC0B56EC237EE047E232F82B360C24A8CF945CF50B522FA879A39C70AB04C69A9BE8916F9831962
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):25136
                                                                                                                                                                                                    Entropy (8bit):0.026774823037000857
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:572ACD6CAF27F32C1B97E94EE891B033
                                                                                                                                                                                                    SHA1:5EC51BBE0DAFD36BB11532C859D40761BE3001F8
                                                                                                                                                                                                    SHA-256:C30E57FD11166F70499F6D85CAAFEC08BF1BE8FB81816C85F2FC6718B1556417
                                                                                                                                                                                                    SHA-512:78AFDF222A13AB592B243B1A371E529F6798D4B08ED301F96B961EE54F19626D22FB1A91B3AF83B9A329AA93113BA9930FCEA4639D4B67C58D3DC80272191DD1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:PNG image data, 300 x 300, 8-bit colormap, non-interlaced
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):86016
                                                                                                                                                                                                    Entropy (8bit):7.919685194123284
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:79F473EABF7F73A6B8FD3BC1B23D2AB9
                                                                                                                                                                                                    SHA1:A5865318842A7D403E056DC7C104BD1109436F8F
                                                                                                                                                                                                    SHA-256:05A6687B5191F125888897DEEA482CB7B96514C3255985D02779D0DB3DA9CD3E
                                                                                                                                                                                                    SHA-512:7D1CFB7B3AABB103AF582FC9D6DDFD9B6E113D0210A71CB9F37FFA3FE14E107FAFE6A1408CF13184EF9B39201ED29B972038766FD3AEBB59A0269C7B42AD2E8C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16531
                                                                                                                                                                                                    Entropy (8bit):7.960808577940416
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:B573810B867447E62F77BD35663C2B07
                                                                                                                                                                                                    SHA1:FB663C755F6472D752244E3337967A1261BD27D3
                                                                                                                                                                                                    SHA-256:9F270911E90BC74F3628BBE1083F5189F4D57FB61D3E5A1674C6FE3997439D41
                                                                                                                                                                                                    SHA-512:5DC7BB708C03470EBA1EF7A00B4B26DC516FEA852E38E81D40F32BB540F775A4599BF049F4FC1D28AC7479B30F6086E8631B914DAE00EFA5C596015973381457
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):925800
                                                                                                                                                                                                    Entropy (8bit):6.5962529078695535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                                                                                                    SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                                                                                                    SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                                                                                                    SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):925800
                                                                                                                                                                                                    Entropy (8bit):6.5962529078695535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                                                                                                    SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                                                                                                    SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                                                                                                    SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):925800
                                                                                                                                                                                                    Entropy (8bit):6.5962529078695535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                                                                                                    SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                                                                                                    SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                                                                                                    SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):925800
                                                                                                                                                                                                    Entropy (8bit):6.5962529078695535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                                                                                                    SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                                                                                                    SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                                                                                                    SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1192800
                                                                                                                                                                                                    Entropy (8bit):6.44425651286448
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:E612B2F3C68A7D5C34592C88778766B2
                                                                                                                                                                                                    SHA1:E18329C9F763F923682408032B7B35A4E62FDF81
                                                                                                                                                                                                    SHA-256:403869ED494BCBC3E535B492F2EBFAD95748049E203FF7C31AC1AFB38D8909ED
                                                                                                                                                                                                    SHA-512:753C8D4600595C0B83F1A5BCA9DA637D56D7778FFD74A90942EE243E6B998C113E372B35CDE4AA90B4A11152176812E354A6C0761B169243ECF5D3A9C793B543
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):925800
                                                                                                                                                                                                    Entropy (8bit):6.5962529078695535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                                                                                                    SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                                                                                                    SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                                                                                                    SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):925800
                                                                                                                                                                                                    Entropy (8bit):6.5962529078695535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                                                                                                    SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                                                                                                    SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                                                                                                    SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):925800
                                                                                                                                                                                                    Entropy (8bit):6.5962529078695535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                                                                                                    SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                                                                                                    SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                                                                                                    SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1040
                                                                                                                                                                                                    Entropy (8bit):5.287673165519285
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:29BBED674F72F06B2F7EB8D9E4A2A6F5
                                                                                                                                                                                                    SHA1:E2A721574C642E97C9F0B78F2BDB1D67CF453C6F
                                                                                                                                                                                                    SHA-256:7D8DF347733A782E9DFB1D410F50DEBC6A47227FC10364045B0D1190A08F65FE
                                                                                                                                                                                                    SHA-512:8D00A491C2EFF0D6F79515EC596E1E27E778F925CB8EBF41231F69D3CB99CB908B9719501C04CE95A56EBA8676FEB02653CAEADDD3BF2E757A55A59C0E524D2C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:[1111/160330.725:ERROR:install_worker.cc(198)] Unexpected result creating NotificationActivator; hr=0x0.[1111/160330.868:VERBOSE1:setup_main.cc(1472)] Command Line: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0.[1111/160330.868:VERBOSE1:setup_main.cc(1478)] system install is 0.[1111/160330.868:VERBOSE1:installer_state.cc(87)] Install Chrome.[1111/160331.056:VERBOSE1:install_util.cc(247)] Windows NT 10.0.19042.[1111/160331.056:VERBOSE1:install.cc(120)] Creating per-user Desktop "OneStart" shortcut to C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe--launch-bundle..[1111/160331.181:VERBOSE1:install.cc(120)] Creating per-user Quick Launch "OneStart" shortcut to C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe..[1111/160331.212:VERBOSE1:install.cc(120)] Creating per-user Start menu "OneStart" shortcut to C:\Users\user\AppData\Local\OneStar
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16531
                                                                                                                                                                                                    Entropy (8bit):7.960808577940416
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:B573810B867447E62F77BD35663C2B07
                                                                                                                                                                                                    SHA1:FB663C755F6472D752244E3337967A1261BD27D3
                                                                                                                                                                                                    SHA-256:9F270911E90BC74F3628BBE1083F5189F4D57FB61D3E5A1674C6FE3997439D41
                                                                                                                                                                                                    SHA-512:5DC7BB708C03470EBA1EF7A00B4B26DC516FEA852E38E81D40F32BB540F775A4599BF049F4FC1D28AC7479B30F6086E8631B914DAE00EFA5C596015973381457
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1302
                                                                                                                                                                                                    Entropy (8bit):4.838614609437837
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:3A20B9F4EF495A63BEE5D888E8B4B3DC
                                                                                                                                                                                                    SHA1:7A9ED620408D90BF48ADAC0B27B60380FB29F6FA
                                                                                                                                                                                                    SHA-256:3068255B082566CE594DB7981B98C6CA841B79E11E803A4A117BBD2D664A3079
                                                                                                                                                                                                    SHA-512:C0B28FF9ECAD616A87C2B7B66E318B18B4FE1185B7184B3127731EB76600F873815BF3D3F129A3BD4B887B77C5404551FE62D3C14879CF79548CA9244C8FF8AE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/******/ (() => { // webpackBootstrap.var __webpack_exports__ = {};.function createOverlay() {. var tos = "https://onestart.ai/terms-of-use/";. const overlay = document.createElement('div');. overlay.id = 'ostos';. overlay.style.position = 'fixed';. overlay.style.bottom = '0';. overlay.style.left = '0';. overlay.style.width = '100px';. overlay.style.height = '20px';. overlay.style.backgroundColor = '#030347ba';. overlay.style.fontSize = '12px';. overlay.style.color = 'white';. overlay.style.display = 'flex';. overlay.style.alignItems = 'center';. overlay.style.cursor = 'pointer';. overlay.style.borderRadius = '0px 5px 5px 0px';. overlay.style.justifyContent = 'center';. overlay.style.zIndex = '2147483647';. overlay.style.fontFamily = 'sans-serif';. overlay.innerText = 'sponsored';. overlay.onclick = (event)=>{. var link = document.createElement('a');. link.id = 'sponsored';. link.href = tos;. link.r
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):786
                                                                                                                                                                                                    Entropy (8bit):4.842026705063949
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:D600560D0FD827A51B61C3ABC62F131D
                                                                                                                                                                                                    SHA1:FB615DC41B284D97ACD341850731CB531C8EF840
                                                                                                                                                                                                    SHA-256:4AA19738B97E7A5DD19E0534AE46CBAD29280F6B2C56E8D3CD50B3E87077C45B
                                                                                                                                                                                                    SHA-512:CB40DB2BA6C8CDFBF9BBC1C29216AD1ABD26BA299E05F4B5B82100EAACA80BADAED316ABF8EA667AE6D0DEC647DF640ED7B618FC5CCC1F324A93873B01931D6B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/******/ (() => { // webpackBootstrap./******/ ."use strict";.var __webpack_exports__ = {};..;// CONCATENATED MODULE: ./src/common/static.ts.const USER_ID_KEY = 'userId';.const INSTALL_ID_KEY = 'installId';.const OD_CLICK_KEY = 'odb_clk_key';.const OD_OVLAY_KEY = 'odb_ovly_key';..;// CONCATENATED MODULE: ./src/content/conversion-tracking.ts..chrome.storage.local.get(USER_ID_KEY, (result)=>{. const uid = result?.[USER_ID_KEY];. if (uid) {. window.addEventListener('message', ({ data, source })=>{. if (data?.type === 'get-ext-uid') {. source?.postMessage({. type: 'ext-uid',. data: {. uid. }. });. }. });. }.});../******/ })().;
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):1183
                                                                                                                                                                                                    Entropy (8bit):5.5710703309629075
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:3C43693EC40AA29DA2BC09B4F2381D7E
                                                                                                                                                                                                    SHA1:DD7FBF37D729D6EB9F290CF61019D38ED8EC3E73
                                                                                                                                                                                                    SHA-256:913EB3B64BBB6D2AAE28CB1446B1C59B0C695AE6E216FA8A4F8FA13634765D89
                                                                                                                                                                                                    SHA-512:80042DE68BCB1A051CB5427F366D2C57C3A309F95FE4BC002778BF42DE8305A0C7BA37FD5CD0A0417E927BAF912A62F8E7540CD61D3E01C4713CC2F890E45039
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:{.. "background": {.. "service_worker": "serviceWorker.js".. },.. "content_scripts": [ {.. "all_frames": true,.. "js": [ "conversion-tracking.js" ],.. "matches": [ "https://*/*", "http://*/*" ],.. "run_at": "document_start".. }, {.. "all_frames": false,.. "js": [ "page.js" ],.. "matches": [ "https://*/*", "http://*/*" ],.. "run_at": "document_start".. } ],.. "description": "Onestart",.. "host_permissions": [ "https://*/*", "http://*/*" ],.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0czZlHy1hYBpIeZct5zEC0rRHrl0I73NJCLMSkexkYVVEntsd9mRjIEQEi+v5BmbteHcfFj1C/fbH0I5FXFJqliRmyiI9GFcJ3cKGfXxAiqypgUFZvF1e0cwyKQ+BrBTJRSTb4gdBrGT8wXwrvo7IRF5hX3EQblT1GaiHLW/8WkEHfFlHOZnIM8thVgah5/3RgYGoJRDeaoO9p97/v9eu3+M1sJeJy+wV7AL1KN+xz5HnmmefCorqyU9nrvCg7hCWewjHbmJIgmzpFn5FwCvLf2Nb1NmcNa6XXQ9OZ9EuPvOUbv5EuMdoUI+q1kVwnSAOVh/WgWBzdEAV9x9ZGsrQIDAQAB",.. "manifest_version": 3,.. "name": "Onestart",.. "permissions": [ "storage", "alarms"
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:C++ source, ASCII text, with very long lines (433), with CRLF, LF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24826
                                                                                                                                                                                                    Entropy (8bit):5.044116670535731
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:9A77A8A3628F086149E2F24D52EB0D41
                                                                                                                                                                                                    SHA1:251190CD43F319FD36B0D2BD596932C4B2D3348E
                                                                                                                                                                                                    SHA-256:9B7D27DE249A0FDEF187505E65B0EDA2755BD6D112C65D937747BCC38ED197E5
                                                                                                                                                                                                    SHA-512:F50968D9BA94D146BE4BB59F1ECA69E7882BE0B1007E1A47E6B7CFEDBEB515647CA89E3141B9FDDF49F311FDD8A526373D14BD81724222D6C9E810862BFCEC44
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/******/ (() => { // webpackBootstrap./******/ ."use strict";.var __webpack_exports__ = {};..;// CONCATENATED MODULE: ./src/common/utils.ts.const isValidUrl = (url)=>{. try {. return !!new URL(url);. } catch {. return false;. }.};.const inQueue = (fn)=>{. const promises = [];. return (...args)=>{. const promise = Promise.all(promises).then(()=>fn(...args));. promises.push(promise);. return promise;. };.};.function wrapInPromise(wrapper) {. return new Promise((resolve, reject)=>wrapper((result)=>{. if (chrome.runtime.lastError) {. reject(new Error(chrome.runtime.lastError.message));. } else {. resolve(result);. }. }));.}.const debounce = (callback, wait)=>{. let timer;. return (...args)=>{. clearTimeout(timer);. timer = setTimeout(()=>{. callback(...args);. }, wait);. };.};..;// CONCATENATED MODULE: ./src/common/messages.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    File Type:C++ source, ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):33274
                                                                                                                                                                                                    Entropy (8bit):4.861637042652873
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:12BA2AAFA221BA1C8F952ECE60A91934
                                                                                                                                                                                                    SHA1:5E7E1757B1D552246DDFBE6AD22DC2FD0E674473
                                                                                                                                                                                                    SHA-256:C35D78C92FAC28E781BD741BF0320715A9F7746DCE391D69ADA8BCD3CF7ED6B6
                                                                                                                                                                                                    SHA-512:7AD86C2D079A219A574192DFE9A7BEA7DA452F6B2ED29BCBEAFDED0F93E4F3732FEDB2FEA6576497D3E0FCA86E41B54BAF5CA6383D65EB627479B80D6DB1E4B5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:/******/ (() => { // webpackBootstrap./******/ ."use strict";./******/ .var __webpack_modules__ = ({../***/ 700:./***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {...// EXPORTS.__webpack_require__.d(__webpack_exports__, {. A: () => (/* binding */ Ads).});..// EXTERNAL MODULE: ./src/background/user.ts.var user = __webpack_require__(223);.// EXTERNAL MODULE: ./src/common/tabs.ts.var tabs = __webpack_require__(655);.// EXTERNAL MODULE: ./src/common/messages.ts.var messages = __webpack_require__(95);.;// CONCATENATED MODULE: ./src/background/spotlight.ts..const showSpotlight = async (adData, tabId)=>{. const tab = await (0,tabs/* getTab */.i)(tabId);. const tabWidth = tab.width ?? 0;. const tabHeight = tab.height ?? 0;. // Spotlight unit can fit into the screen. if (tabWidth <= adData.width || tabHeight <= adData.height) {. return;. }. // Tab is in focus. if (!tab.active) {. return;. }. await chrome.tabs.sendMessage(
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Nov 11 20:03:30 2024, mtime=Mon Nov 11 20:03:31 2024, atime=Thu May 23 06:07:35 2024, length=3275848, window=hide
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2561
                                                                                                                                                                                                    Entropy (8bit):3.899244315608469
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:BBDD2F61D369EB2769992ECC9130AADC
                                                                                                                                                                                                    SHA1:37823D900ECD81102E00018D959A999EEDEBCDA2
                                                                                                                                                                                                    SHA-256:6147F232CB4CFC91698B7206805B84A7DAA4257049ECD294BD601CC02947DB0C
                                                                                                                                                                                                    SHA-512:3997D303C20FD79EF7DCDFB1F34B8BC39D3C4EB98608240F33DAF7676C703A589F5668E5A2B0C1D3F15338AE7A4A81D7EFD3065C7E6F0D4FCEB401703117FC6B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:L..................F.@.. ....@.(}4....)}4...U.....H.1.......................:..DG..Yr?.D..U..k0.&...&........{.S....}Q.}4.....)}4......t...CFSF..1....."S...AppData...t.Y^...H.g.3..(.....gVA.G..k...@......"S.kYO.....B......................A!.A.p.p.D.a.t.a...B.P.1.....kYV...Local.<......"S.kYV.....V.........................L.o.c.a.l.....b.1.....kY[...OneStart.ai.H......kYV.kY[...........b...............Y.".O.n.e.S.t.a.r.t...a.i.....Z.1.....kY`...OneStart..B......kY[.kY`............................zR.O.n.e.S.t.a.r.t.....`.1.....kYp...APPLIC~1..H......kY\.kYp.....C......................C..A.p.p.l.i.c.a.t.i.o.n.....f.2.H.1..X.8 .onestart.exe..J......kYp.kYp...............................o.n.e.s.t.a.r.t...e.x.e.......z...............-.......y............'.......C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.?.....\.....\.....\.....\.L.o.c.a.l.\.O.n.e.S.t.a.r.t...a.i.\.O.n.e.S.t.a.r.t.\.A.p.p.l.i.c.a.t.i.o.n.\.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Nov 11 20:03:30 2024, mtime=Mon Nov 11 20:03:31 2024, atime=Thu May 23 06:07:35 2024, length=3275848, window=hide
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2596
                                                                                                                                                                                                    Entropy (8bit):3.9320022710583795
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:F6B0825C4B53B345EF0A591DBCF3A1C6
                                                                                                                                                                                                    SHA1:8BC0681E59A7CB7096C56A235EE89B5587E08D58
                                                                                                                                                                                                    SHA-256:40F6906907FD3AAF16F2D7E8E8B9AC491E8C7D46666A5709ADE580D13E1ADC29
                                                                                                                                                                                                    SHA-512:B9288BED4C02B5F3B11CB1B34C2264C3BD03986836402B9BE91E974131EEE6CD6E3244A5EC6C6615587EF5F05B8EDE000126A76073DEC73ADFDA07B43326D3D0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:L..................F.@.. ....@.(}4....)}4...U.....H.1.......................:..DG..Yr?.D..U..k0.&...&........{.S....}Q.}4.....)}4......t...CFSF..1....."S...AppData...t.Y^...H.g.3..(.....gVA.G..k...@......"S.kYO.....B......................A!.A.p.p.D.a.t.a...B.P.1.....kYV...Local.<......"S.kYV.....V.........................L.o.c.a.l.....b.1.....kY[...OneStart.ai.H......kYV.kY[...........b...............Y.".O.n.e.S.t.a.r.t...a.i.....Z.1.....kY`...OneStart..B......kY[.kY`............................zR.O.n.e.S.t.a.r.t.....`.1.....kYp...APPLIC~1..H......kY\.kYp.....C......................C..A.p.p.l.i.c.a.t.i.o.n.....f.2.H.1..X.8 .onestart.exe..J......kYp.kYp...............................o.n.e.s.t.a.r.t...e.x.e.......z...............-.......y............'.......C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.B.....\.....\.....\.....\.....\.L.o.c.a.l.\.O.n.e.S.t.a.r.t...a.i.\.O.n.e.S.t.a.r.t.\.A.p.p.l.i.c.a.t.i.
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Mon Nov 11 20:03:30 2024, mtime=Mon Nov 11 20:03:30 2024, atime=Thu May 23 06:07:35 2024, length=3275848, window=hide
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2591
                                                                                                                                                                                                    Entropy (8bit):3.9029453435167563
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:2F09E78B468D7EB77CA422EA1A7F5440
                                                                                                                                                                                                    SHA1:EA8EECA37F11F66E0DDF4DE078ABED4F08A61A89
                                                                                                                                                                                                    SHA-256:2633F6B9FEA261F89177ED37F340352636B8C8F4BB499B703B7EC63B7909DE75
                                                                                                                                                                                                    SHA-512:CD8684C948873237CFEA1B2B64AB037284B5A2D2E121B9534C8C100CDF56294674624BC3BA8819E5C03991797E2EEF04F743004D2A0959E15B0BDCC1ED2B4997
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:L..................F.@.. ....@.(}4...@.(}4...U.....H.1.......................:..DG..Yr?.D..U..k0.&...&........{.S....}Q.}4.....)}4......t...CFSF..1....."S...AppData...t.Y^...H.g.3..(.....gVA.G..k...@......"S.kYO.....B......................A!.A.p.p.D.a.t.a...B.P.1.....kYV...Local.<......"S.kYV.....V.........................L.o.c.a.l.....b.1.....kY[...OneStart.ai.H......kYV.kY[...........b...............Y.".O.n.e.S.t.a.r.t...a.i.....Z.1.....kY`...OneStart..B......kY[.kY`............................zR.O.n.e.S.t.a.r.t.....`.1.....kYp...APPLIC~1..H......kY\.kYp.....C......................C..A.p.p.l.i.c.a.t.i.o.n.....f.2.H.1..X.8 .onestart.exe..J......kYp.kYp...............................o.n.e.s.t.a.r.t...e.x.e.......z...............-.......y............'.......C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.>.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.O.n.e.S.t.a.r.t...a.i.\.O.n.e.S.t.a.r.t.\.A.p.p.l.i.c.a.t.i.o.n.\.o.
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):925800
                                                                                                                                                                                                    Entropy (8bit):6.5962529078695535
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                                                                                                    SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                                                                                                    SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                                                                                                    SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1558208
                                                                                                                                                                                                    Entropy (8bit):6.722109391484739
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:38CC709849A75ACAC38D95C44B213504
                                                                                                                                                                                                    SHA1:9D69CCD8EE90EA58345DA4D000FD7CB507C8814D
                                                                                                                                                                                                    SHA-256:06858601EAFE79E6EA05F96AE2E1A8F9C70D0B7F8537A2B425ADBC52C2876465
                                                                                                                                                                                                    SHA-512:CADF1D918A2D927A1B527AFBA9E624C4FCD0716494B9BEA29CCB034719A8031078AE43949031AF3BEBB05C21EA631BC5D0CEF8D4DD7530C981F40C00E2C71D28
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:...@IXOS.@.....@V.kY.@.....@.....@.....@.....@.....@......&.{B96A3B94-FEB2-4492-85C6-20655FBC02EE}..OneStart PDF..allpdfpro.msi.@.....@.....@.....@........&.{30538BCD-1BCA-4F4E-AF29-F7CE786BCB9C}.....@.....@.....@.....@.......@.....@.....@.......@......OneStart PDF......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{FEE34822-BEE6-46CA-8BC7-812252175977}*.C:\Users\user\AppData\Local\OneStart.ai\.@.......@.....@.....@......&.{D8511B6D-3FAD-4D18-929C-23F5ACD99D44}=.C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".*.C:\Users\user\AppData\Local\OneStart.ai\.@....".=.C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\.@........AI_FdRollback..Rolling back downloaded files#.Rolling back downloaded file: "[1]"J...AI_FdRollback.@.-....h...MZ......................@...
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):778344
                                                                                                                                                                                                    Entropy (8bit):6.721324488797127
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:DF6D353853F28E4C4C0464B83F5220F2
                                                                                                                                                                                                    SHA1:D714C58314B018F6599C4FF0518D2867BB3ECA44
                                                                                                                                                                                                    SHA-256:DC64604E2A5DD9F1C01FD583F847D871269D680F1241644DB0828E3ADAF7067B
                                                                                                                                                                                                    SHA-512:3CFD6150E69C3E1201C57A43AB31A8021703EBF03271D1F6EB9CD20B3283484364BAD905041B4A1B5E7139E9ECBB60764BE6CB4C975BE73E3C9413D6CD6A22BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):426872
                                                                                                                                                                                                    Entropy (8bit):6.552933972508265
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:ACB1256D5FAB2FE57B2FA3BF3BD12FF0
                                                                                                                                                                                                    SHA1:3F2D5AC3C180AB358770D576565D163D840109A7
                                                                                                                                                                                                    SHA-256:B6D9C7250747248242CBEEF63417DD82676BABFBB0BB74AC6E158886DF1E667D
                                                                                                                                                                                                    SHA-512:6F1E6B8DBEA083342F1175B6E8C1E8C3C5EACCB7033C6BF0FE7E3B72CA32CF1FF472906873AB5C6DC1418BCA1B402FF68D6FC9F548631D075BB68942F8A61E08
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):1.1632913345307918
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:5CDDDC4823A147E867D6DD93C5176B8D
                                                                                                                                                                                                    SHA1:9D4671AD74C04E18EF6EBDFDA70818FF15E8DBCF
                                                                                                                                                                                                    SHA-256:97E933366A882F88CBF3CC528A7B4211185A8AD7F15C8BD11D9C1EBB8143535B
                                                                                                                                                                                                    SHA-512:0FDCCEA1E262422033A08A0D818FABD792F357BBAC0F9046EAEF47B4D7C103EE0357764C8399B4799E75C65F663C53E3B02B48819FEA41BA54B8DD358F7C15AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {30538BCD-1BCA-4F4E-AF29-F7CE786BCB9C}, Number of Words: 10, Subject: OneStart PDF, Author: OneStart.ai, Name of Creating Application: OneStart PDF, Template: ;1033, Comments: OneStart PDF 4.5.247.2, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri Aug 23 09:59:20 2024, Last Saved Time/Date: Fri Aug 23 09:59:20 2024, Last Printed: Fri Aug 23 09:59:20 2024, Number of Pages: 450
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3873280
                                                                                                                                                                                                    Entropy (8bit):6.625125767013568
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:37EE64537ACE68398452082F4B28FF8A
                                                                                                                                                                                                    SHA1:EE4A03BB2E64A5C047BEACD1271CDE1E3079BC2C
                                                                                                                                                                                                    SHA-256:C0DEA5039C67A46462116A345B39E3953F89B87F395B537B2A8BE0E3F2B4F8BD
                                                                                                                                                                                                    SHA-512:CC7DEB4D6269D2804CAB7EA765EC28EC9D66AFAB49AD11F4C94FB655D15BFFA83CD5018DC1705FBF6B2C6B54455C16F5530E5371B1CD762BF91E3941FD80BD7E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):1.585017410471607
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:CB383E95F227DFE8D550F2CF8E3026B1
                                                                                                                                                                                                    SHA1:5B053839BFDDBABFFD0C22B2A88899460F1B77D5
                                                                                                                                                                                                    SHA-256:E64BBB3A495FFA2EB8847534B61C6DC1FA4B4882E2B7457C33DF3D3D56A21569
                                                                                                                                                                                                    SHA-512:20CD0547AEF83133395810AAC29E07A17CF9928B6B4178E7F2F128133C003A44E7B9A468357C7DAA33FDCA079A0BDCE7402CC0DE9E9666A344C8B93D410B645F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1015053
                                                                                                                                                                                                    Entropy (8bit):5.409062930958851
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:B43EFE2DDBC0014E1F376570F9F8A86C
                                                                                                                                                                                                    SHA1:8EB80E2F03B218F57CBEE693E80F4DEBD6721766
                                                                                                                                                                                                    SHA-256:830013FC2B9F0B2261E4F7475C0EFB53AFF6BEABB636DB901B1AF03656B5F68C
                                                                                                                                                                                                    SHA-512:0132BFFC6853BE44750DB784539ECD1019E417BD4095C780749F302BC749CB234F9B1E1DFC4B9EA765AE76D714AC06EEA96DFC589549B36C37FAB95EFCDBB418
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 09:59:37.236 [4684]: Command line: D:\wd\compilerTemp\BMT.i51yo0aa.beh\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 09:59:37.255 [4684]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 09:59:37.299 [4684]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 09:59:37.299 [4684]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 09:59:37.299 [
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):1.585017410471607
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:CB383E95F227DFE8D550F2CF8E3026B1
                                                                                                                                                                                                    SHA1:5B053839BFDDBABFFD0C22B2A88899460F1B77D5
                                                                                                                                                                                                    SHA-256:E64BBB3A495FFA2EB8847534B61C6DC1FA4B4882E2B7457C33DF3D3D56A21569
                                                                                                                                                                                                    SHA-512:20CD0547AEF83133395810AAC29E07A17CF9928B6B4178E7F2F128133C003A44E7B9A468357C7DAA33FDCA079A0BDCE7402CC0DE9E9666A344C8B93D410B645F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                    Entropy (8bit):1.2677702828670303
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:7038B0A2B307D73304B869666CD9AF83
                                                                                                                                                                                                    SHA1:6E18A180469193951016C16FBAA7554B3BECA32C
                                                                                                                                                                                                    SHA-256:DFCC6528861CD24BCBA60208B9A11462B2DFF3AC6693F51294EDB6D707511239
                                                                                                                                                                                                    SHA-512:D91421D7CB23EF4E1A26B93D7540C862100D7CE94BE9C91EA6D1F0FFBC7142B0BDDDEEC215135CEA69F7A1DCE2FA520659287F701C5423A5B18B8E6760B7AF8A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):73728
                                                                                                                                                                                                    Entropy (8bit):0.1444268420243556
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:BE1F76FFBDA15AC94F686D0B9C886CA0
                                                                                                                                                                                                    SHA1:E4651B61D65E5C52D12320E08AA54C5A62167DD5
                                                                                                                                                                                                    SHA-256:6E53C63254F0E6261B680DB2E13CA2995F0A11AA584EE1D4056422CDF70CEFDF
                                                                                                                                                                                                    SHA-512:D15E286D9C3F5B5ED7D42B960321971D50ECFB7971BD0FB808D62042F338DBB8EF0F98CF06D9F9926CF4F416DC462E899C7A14075F999D946066DFD27738615D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                    Entropy (8bit):1.2677702828670303
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:7038B0A2B307D73304B869666CD9AF83
                                                                                                                                                                                                    SHA1:6E18A180469193951016C16FBAA7554B3BECA32C
                                                                                                                                                                                                    SHA-256:DFCC6528861CD24BCBA60208B9A11462B2DFF3AC6693F51294EDB6D707511239
                                                                                                                                                                                                    SHA-512:D91421D7CB23EF4E1A26B93D7540C862100D7CE94BE9C91EA6D1F0FFBC7142B0BDDDEEC215135CEA69F7A1DCE2FA520659287F701C5423A5B18B8E6760B7AF8A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                    Entropy (8bit):1.2677702828670303
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:7038B0A2B307D73304B869666CD9AF83
                                                                                                                                                                                                    SHA1:6E18A180469193951016C16FBAA7554B3BECA32C
                                                                                                                                                                                                    SHA-256:DFCC6528861CD24BCBA60208B9A11462B2DFF3AC6693F51294EDB6D707511239
                                                                                                                                                                                                    SHA-512:D91421D7CB23EF4E1A26B93D7540C862100D7CE94BE9C91EA6D1F0FFBC7142B0BDDDEEC215135CEA69F7A1DCE2FA520659287F701C5423A5B18B8E6760B7AF8A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                    Entropy (8bit):0.0710220404133666
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:ACC3DE140D1079C7900EF3ABCFAF92A4
                                                                                                                                                                                                    SHA1:24BD8E7D25D9103B60D7EACC669DB4589FCF6FD3
                                                                                                                                                                                                    SHA-256:A44927CE05190BEE84C67E2F00BF05C8DABCF7AD9FB234223107408D9DFAC8AE
                                                                                                                                                                                                    SHA-512:FB0C68C3545F94B5D7EDEC0C0DBC64A9DBA9445EBC307563338CF241DFF97C5249A358C898231A8434D5EDD88638E8A064F198B1E10BFC698AA75187C5B6B870
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):1.585017410471607
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:CB383E95F227DFE8D550F2CF8E3026B1
                                                                                                                                                                                                    SHA1:5B053839BFDDBABFFD0C22B2A88899460F1B77D5
                                                                                                                                                                                                    SHA-256:E64BBB3A495FFA2EB8847534B61C6DC1FA4B4882E2B7457C33DF3D3D56A21569
                                                                                                                                                                                                    SHA-512:20CD0547AEF83133395810AAC29E07A17CF9928B6B4178E7F2F128133C003A44E7B9A468357C7DAA33FDCA079A0BDCE7402CC0DE9E9666A344C8B93D410B645F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {30538BCD-1BCA-4F4E-AF29-F7CE786BCB9C}, Number of Words: 10, Subject: OneStart PDF, Author: OneStart.ai, Name of Creating Application: OneStart PDF, Template: ;1033, Comments: OneStart PDF 4.5.247.2, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri Aug 23 09:59:20 2024, Last Saved Time/Date: Fri Aug 23 09:59:20 2024, Last Printed: Fri Aug 23 09:59:20 2024, Number of Pages: 450
                                                                                                                                                                                                    Entropy (8bit):6.625125767013568
                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                    • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                                                                                                                                                                    • Microsoft Windows Installer (60509/1) 46.00%
                                                                                                                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                                                                                                                                                                    File name:allpdfpro.msi
                                                                                                                                                                                                    File size:3'873'280 bytes
                                                                                                                                                                                                    MD5:37ee64537ace68398452082f4b28ff8a
                                                                                                                                                                                                    SHA1:ee4a03bb2e64a5c047beacd1271cde1e3079bc2c
                                                                                                                                                                                                    SHA256:c0dea5039c67a46462116a345b39e3953f89b87f395b537b2a8be0e3f2b4f8bd
                                                                                                                                                                                                    SHA512:cc7deb4d6269d2804cab7ea765ec28ec9d66afab49ad11f4c94fb655d15bffa83cd5018dc1705fbf6b2c6b54455c16f5530e5371b1cd762bf91e3941fd80bd7e
                                                                                                                                                                                                    SSDEEP:49152:kQBSc/f9r84jEHYDgE5e7vWP5Ferq7I5RJK5k11cB6jWH5XzatCJkH105fASGdvr:UVHYDgpqxFeqIC2H1X8aAO
                                                                                                                                                                                                    TLSH:96069E217A5DC137EB2F0931A96DDA2BA43C7DE20BB105EBA3E4F95915344C36332B46
                                                                                                                                                                                                    Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                    Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                    Start time:16:02:36
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\allpdfpro.msi"
                                                                                                                                                                                                    Imagebase:0x7ff673c50000
                                                                                                                                                                                                    File size:69'632 bytes
                                                                                                                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                    Start time:16:02:36
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                    Imagebase:0x7ff673c50000
                                                                                                                                                                                                    File size:69'632 bytes
                                                                                                                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                    Start time:16:02:36
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 3866399E1BFBB92958CCE7C8594EF453 C
                                                                                                                                                                                                    Imagebase:0x5b0000
                                                                                                                                                                                                    File size:59'904 bytes
                                                                                                                                                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                    Start time:16:02:41
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 3CEBF64AD23C2D8EE07988E727EF4353
                                                                                                                                                                                                    Imagebase:0x5b0000
                                                                                                                                                                                                    File size:59'904 bytes
                                                                                                                                                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                    Start time:16:02:51
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe" "install" "15" "2"
                                                                                                                                                                                                    Imagebase:0x7ff6ffb70000
                                                                                                                                                                                                    File size:102'822'472 bytes
                                                                                                                                                                                                    MD5 hash:1C893E34134BB81B487D00F5282BEB89
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                    Start time:16:02:59
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\ONESTART.PACKED.7Z" "install" "15" "2"
                                                                                                                                                                                                    Imagebase:0x7ff670090000
                                                                                                                                                                                                    File size:3'292'232 bytes
                                                                                                                                                                                                    MD5 hash:105A51C7DEF4390A6D9F8BD0E76178DD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 4%, ReversingLabs
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                    Start time:16:02:59
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
                                                                                                                                                                                                    Imagebase:0x7ff733400000
                                                                                                                                                                                                    File size:3'292'232 bytes
                                                                                                                                                                                                    MD5 hash:105A51C7DEF4390A6D9F8BD0E76178DD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                    Start time:16:03:26
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                    Start time:16:03:26
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                                    Start time:16:03:27
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                    Start time:16:03:27
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                    Start time:16:03:27
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                    Start time:16:03:27
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                    Start time:16:03:27
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                                    Start time:16:03:27
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                    Start time:16:03:27
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:19
                                                                                                                                                                                                    Start time:16:03:27
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                                    Start time:16:03:27
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:21
                                                                                                                                                                                                    Start time:16:03:27
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:22
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:23
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:24
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:25
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:26
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:27
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:28
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:29
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:30
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:31
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:32
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:33
                                                                                                                                                                                                    Start time:16:03:28
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:34
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:35
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:36
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:37
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /f /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:38
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:39
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /f /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:40
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "taskkill /f /im DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:41
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:42
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:taskkill /f /im DBar.exe
                                                                                                                                                                                                    Imagebase:0x7ff775130000
                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:43
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "rmdir "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar\bin" /s /q"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:44
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:45
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /e /i"
                                                                                                                                                                                                    Imagebase:0x7ff7edb90000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:46
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:47
                                                                                                                                                                                                    Start time:16:03:29
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\xcopy.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:xcopy "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar" "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar_new" /s /e /i
                                                                                                                                                                                                    Imagebase:0x7ff7f1f00000
                                                                                                                                                                                                    File size:50'688 bytes
                                                                                                                                                                                                    MD5 hash:39FBFD3AF58238C6F9D4D408C9251FF5
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:48
                                                                                                                                                                                                    Start time:16:03:30
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\128.0.6613.120\notification_helper.exe" -Embedding
                                                                                                                                                                                                    Imagebase:0x7ff657be0000
                                                                                                                                                                                                    File size:1'284'712 bytes
                                                                                                                                                                                                    MD5 hash:6DEC68B6FD984A4CE3B82BE995745EA1
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:49
                                                                                                                                                                                                    Start time:16:03:30
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=128.0.6613.120 --initial-client-data=0x1c0,0x1c4,0x1c8,0x19c,0x1cc,0x7ff657d0e638,0x7ff657d0e644,0x7ff657d0e650
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:2'742'376 bytes
                                                                                                                                                                                                    MD5 hash:BB7C48CDDDE076E7EB44022520F40F77
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:50
                                                                                                                                                                                                    Start time:16:03:30
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
                                                                                                                                                                                                    Imagebase:0x7ff733400000
                                                                                                                                                                                                    File size:3'292'232 bytes
                                                                                                                                                                                                    MD5 hash:105A51C7DEF4390A6D9F8BD0E76178DD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:51
                                                                                                                                                                                                    Start time:16:03:30
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_C36D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7336cca30,0x7ff7336cca3c,0x7ff7336cca48
                                                                                                                                                                                                    Imagebase:0x7ff733400000
                                                                                                                                                                                                    File size:3'292'232 bytes
                                                                                                                                                                                                    MD5 hash:105A51C7DEF4390A6D9F8BD0E76178DD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:53
                                                                                                                                                                                                    Start time:16:03:31
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --from-installer
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:54
                                                                                                                                                                                                    Start time:16:03:31
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "xcopy "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar" /s /e /i"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:55
                                                                                                                                                                                                    Start time:16:03:31
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:56
                                                                                                                                                                                                    Start time:16:03:31
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:57
                                                                                                                                                                                                    Start time:16:03:31
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\xcopy.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:xcopy "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar_new" "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar" /s /e /i
                                                                                                                                                                                                    Imagebase:0x7ff7f1f00000
                                                                                                                                                                                                    File size:50'688 bytes
                                                                                                                                                                                                    MD5 hash:39FBFD3AF58238C6F9D4D408C9251FF5
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:58
                                                                                                                                                                                                    Start time:16:03:31
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "rmdir "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar_new" /s /q"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:59
                                                                                                                                                                                                    Start time:16:03:31
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:60
                                                                                                                                                                                                    Start time:16:03:31
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0x160,0x164,0x168,0x128,0x170,0x7ff7b71cbcb8,0x7ff7b71cbcc4,0x7ff7b71cbcd0
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:61
                                                                                                                                                                                                    Start time:16:03:31
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c "cd /d "%LOCALAPPDATA%\OneStart.ai\OneStart\Application\Bar\bin" && start DBar.exe"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:62
                                                                                                                                                                                                    Start time:16:03:31
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:63
                                                                                                                                                                                                    Start time:16:03:32
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\Bar\bin\DBar.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:DBar.exe
                                                                                                                                                                                                    Imagebase:0xfc0000
                                                                                                                                                                                                    File size:4'023'880 bytes
                                                                                                                                                                                                    MD5 hash:24623571C3C2F6A2BE15A62C6FC18812
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:64
                                                                                                                                                                                                    Start time:16:03:33
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:2
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:66
                                                                                                                                                                                                    Start time:16:03:34
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2116,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:67
                                                                                                                                                                                                    Start time:16:03:34
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2148,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:68
                                                                                                                                                                                                    Start time:16:03:35
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\Installer\MSI629.tmp
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Windows\Installer\MSI629.tmp" /HideWindow cmd.exe /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\""
                                                                                                                                                                                                    Imagebase:0xca0000
                                                                                                                                                                                                    File size:426'872 bytes
                                                                                                                                                                                                    MD5 hash:ACB1256D5FAB2FE57B2FA3BF3BD12FF0
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:69
                                                                                                                                                                                                    Start time:16:03:35
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --field-trial-handle=3448,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:70
                                                                                                                                                                                                    Start time:16:03:35
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\""
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:71
                                                                                                                                                                                                    Start time:16:03:35
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:72
                                                                                                                                                                                                    Start time:16:03:36
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:cmd.exe /C "START /MIN /D "C:\Windows\system32\config\systemprofile\AppData\Local\OneStart.ai\OneStart\Application" onestart.exe --existing-window"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:73
                                                                                                                                                                                                    Start time:16:03:36
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:74
                                                                                                                                                                                                    Start time:16:03:36
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\cmd.exe /c ""%LOCALAPPDATA%\OneStart.ai\OneStart\Application\onestart.exe" --update"
                                                                                                                                                                                                    Imagebase:0x7ff781910000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:75
                                                                                                                                                                                                    Start time:16:03:36
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:76
                                                                                                                                                                                                    Start time:16:03:36
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:77
                                                                                                                                                                                                    Start time:16:03:37
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=126.0.6478.128 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffd4b4c1c70,0x7ffd4b4c1c7c,0x7ffd4b4c1c88
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:78
                                                                                                                                                                                                    Start time:16:03:37
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Windows\SysWOW64\cmd.exe" /c
                                                                                                                                                                                                    Imagebase:0x670000
                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:79
                                                                                                                                                                                                    Start time:16:03:37
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6806d0000
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:80
                                                                                                                                                                                                    Start time:16:03:38
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\explorer.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                    Imagebase:0x7ff73aaa0000
                                                                                                                                                                                                    File size:4'849'904 bytes
                                                                                                                                                                                                    MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:81
                                                                                                                                                                                                    Start time:16:03:38
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9833435775 --field-trial-handle=4212,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:83
                                                                                                                                                                                                    Start time:16:03:38
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1731349184574939 --launch-time-ticks=9834157164 --field-trial-handle=4240,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:84
                                                                                                                                                                                                    Start time:16:03:39
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4516,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:85
                                                                                                                                                                                                    Start time:16:03:46
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5272,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:87
                                                                                                                                                                                                    Start time:16:03:46
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5440,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:89
                                                                                                                                                                                                    Start time:16:03:46
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5600,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:90
                                                                                                                                                                                                    Start time:16:03:47
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5608,i,12163042121168393915,15585862096678382534,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
                                                                                                                                                                                                    Imagebase:0x7ff7b6f00000
                                                                                                                                                                                                    File size:3'275'848 bytes
                                                                                                                                                                                                    MD5 hash:E55F91E0BC4D6D3029E7492F4C28A08F
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:176
                                                                                                                                                                                                    Start time:16:03:57
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:179
                                                                                                                                                                                                    Start time:16:03:57
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:221
                                                                                                                                                                                                    Start time:16:03:58
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:230
                                                                                                                                                                                                    Start time:16:03:59
                                                                                                                                                                                                    Start date:11/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                    File size:875'008 bytes
                                                                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.98288484598.00007FF6FFB71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6FFB70000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.98288222870.00007FF6FFB70000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000007.00000002.98288772731.00007FF6FFC42000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000007.00000002.98288936774.00007FF6FFC6F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000007.00000002.98289044841.00007FF6FFC7D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000007.00000002.98289146090.00007FF6FFC85000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000007.00000002.98289244965.00007FF6FFC91000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000007.00000002.98289244965.00007FF700691000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      • Associated: 00000007.00000002.98289244965.00007FF701091000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_7ff6ffb70000_onestart_installer.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                      • Opcode ID: 578e464a0e47218d94b965aefd1e646912a7c854cfc7182664d7a84f8e218db8
                                                                                                                                                                                                      • Instruction ID: f7a2fc38c206faaf178eae3ad2de08829dffaef382ea5305cf6be30fa52fa7a3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 578e464a0e47218d94b965aefd1e646912a7c854cfc7182664d7a84f8e218db8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12111826B18F158AEB008F60F8542B933B4FB1A758F441A31EA7D867A4EF78D1A48340

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:3.1%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:4.3%
                                                                                                                                                                                                      Total number of Nodes:209
                                                                                                                                                                                                      Total number of Limit Nodes:11

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualFree.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,00006720002B8090,-0000000400000000,?,00007FF733490851,00000000), ref: 00007FF733539C1A
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00006720002B8090,-0000000400000000,?,00007FF733490851,00000000), ref: 00007FF733539C29
                                                                                                                                                                                                      • VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF733539C74
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Virtual$AllocErrorFreeLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3335258512-0
                                                                                                                                                                                                      • Opcode ID: 315132d2f4196db2e0ef58b7be68630e9b887776c040858538dba58e58013f56
                                                                                                                                                                                                      • Instruction ID: b79008ca1dca5520787996547e7028352799b1a8e36259ebb3c0a9ec0ae1c63b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 315132d2f4196db2e0ef58b7be68630e9b887776c040858538dba58e58013f56
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0481C8A0B09517A6FEF9373198597789692AF91FD2F941438C90E237D0DF3D6484A331

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF73349F870: VirtualFree.KERNELBASE(?,?,?,?,00007FF73349FBDA,?,?,?,?,?,?,?,?,?,00000000,00006720002B8090), ref: 00007FF73349F87A
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00006720002B8090,-0000000400000000,?,00007FF733490851,00000000,00000000), ref: 00007FF73349FBDD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AcquireExclusiveFreeLockVirtual
                                                                                                                                                                                                      • String ID: bitset reset argument out of range
                                                                                                                                                                                                      • API String ID: 3050191949-1934458321

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(?,?,?,?,00000000,00000000,?,00007FF733434CD8,?,?,?,?,?,?,?), ref: 00007FF733460746
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00000000,?,00007FF733434CD8,?,?,?,?,?,?,?), ref: 00007FF733460782
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseOpen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 47109696-0

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualFree.KERNELBASE(?,?,?,?,00007FF73349FBDA,?,?,?,?,?,?,?,?,?,00000000,00006720002B8090), ref: 00007FF73349F87A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1263568516-0

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(?,?,?,00007FF73354829D,?,?,?,?,?,?,00007FF7335847B4), ref: 00007FF733548393
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,00007FF73354829D,?,?,?,?,?,?,00007FF7335847B4), ref: 00007FF73354839C
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,?,00007FF73354829D,?,?,?,?,?,?,00007FF7335847B4), ref: 00007FF7335483A2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CurrentProcess
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1249254920-0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: cb1e13c95d6cd2d8f2921b9e83b013f5092bfbbb21e7cc2c2ef6f15e67356004
                                                                                                                                                                                                      • Instruction ID: 4c85462a4b1d9364b259266f394c4d5bc40055be91919e505ebd98cbb4524696
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb1e13c95d6cd2d8f2921b9e83b013f5092bfbbb21e7cc2c2ef6f15e67356004
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AEA2A5776287448F9358DF25A44405BBBA2F798248F869519FB83D3688EB7CEE01CF44
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 44b6302aede2dd13ff882eb9c1be377701c721944b08f923b62188f15a2c4496
                                                                                                                                                                                                      • Instruction ID: 2876b4e22cab8318bbbe8e0a70872364c2fe4eda72f043fc8f5c4d0d5e7a5641
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44b6302aede2dd13ff882eb9c1be377701c721944b08f923b62188f15a2c4496
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76324C770B46004BD31FCE2ED99158AB292F784AA2709F238FE57C7B54E67CEE158604
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 941c3f61f45747e6e7358fa919290d1df2dae1c805f0534d8829bf688efcf18b
                                                                                                                                                                                                      • Instruction ID: 1db71ca91faf4835b5224e08fa358d9a947cd36dacdb8f06ce1849260460bca8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 941c3f61f45747e6e7358fa919290d1df2dae1c805f0534d8829bf688efcf18b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC3277F6B90A65A6DB048F16E90139D7B64F319BC8F898526DF8C93B54EB38E471D300
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 621dddc85820b6b9669c90c1ac098aea83f3a6e1c9f60fd3a8c13654824637f4
                                                                                                                                                                                                      • Instruction ID: 54cc3f75d99570840ae1fe7f84f64258192565cf5d782361507d53d41fa36358
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 621dddc85820b6b9669c90c1ac098aea83f3a6e1c9f60fd3a8c13654824637f4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95229512D08FA961E6335739C4031B6A310EFB7B88F10E717FED8755A2DF75A985A200
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c0d8db660dafa7654a1594341d234b86c4b903bc484b0369b76a9fc2ccc5b30d
                                                                                                                                                                                                      • Instruction ID: 03334b1c91267178fb2d08882241fff16b2e3f898433ca555aea46586b5ebf91
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0d8db660dafa7654a1594341d234b86c4b903bc484b0369b76a9fc2ccc5b30d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F22A822D0CFC961E6234B79D0065B5A720BFB7294B00D31BFFC971472EB66B691A711
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 086343a799878cd5411b4f88b970a76c068effd6d1c591d3a808909c7094f8a8
                                                                                                                                                                                                      • Instruction ID: 8fd8d91c654c6ab1c138c8749a8773703842e06b1ac5635b5646e6edcae572c5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 086343a799878cd5411b4f88b970a76c068effd6d1c591d3a808909c7094f8a8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56D19C9BC28FD945F313633D54436A2E610AFFB5D9A20E303FDF475A22EB50B2956220
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: daf0e0dfe6573bd52038698bb5992c6f245c2f2e0251e08476892236e289c43a
                                                                                                                                                                                                      • Instruction ID: f10fdf3fd569f5b64d835cf60b1cc9810cb8018219a40909f3af0d6b05c706f0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: daf0e0dfe6573bd52038698bb5992c6f245c2f2e0251e08476892236e289c43a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CCF14C12D1CFC593E6755B3896012BAA320FFB9348F42E715EFDD26961DB28F2E49210
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7d62fd74f54ba3592e573cb30f791209a0c791a0778366c0b48e58f2d5343574
                                                                                                                                                                                                      • Instruction ID: adaa7b5ec0eb0a83267eb7d9fbd5397b026bcedae746847ac24a0309304a1287
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d62fd74f54ba3592e573cb30f791209a0c791a0778366c0b48e58f2d5343574
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93B1D021D0DB9255F7A737750403274DA306FE2254F91C732FDACB99A3EF18B2486122
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 943d49a28179acb6b17e54598dc5f3c7297a0172a48014cdfa5047513f315c58
                                                                                                                                                                                                      • Instruction ID: 42858ce704e87d82e7337dbb5c1b4504bf1351e8323591d66745dc42e29d66d4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 943d49a28179acb6b17e54598dc5f3c7297a0172a48014cdfa5047513f315c58
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A86107E6F50F9883DB548B9EA402B886760F719FC5F55511AEE2C67301EA3DE9A3C340
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0d6523ba8e4505282c919c1d35e15f27044c6a44fab965eb172d8ea98f7d2704
                                                                                                                                                                                                      • Instruction ID: da7cff74ec7fdd3f23c44029e7e5cb4f6e3f0f44d058c844f84f206ffc1f1dbc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d6523ba8e4505282c919c1d35e15f27044c6a44fab965eb172d8ea98f7d2704
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA51BAF3B62B9485D7918FA9E444BC837A8F329F95F215115EB4C6B351DB328A62C301
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 02323f517cbf350cfbeb0c3f318ffe39790de6965295fc42d713387882083901
                                                                                                                                                                                                      • Instruction ID: 6a864250fdc68409178419ba1127aecb898abd4f30347b45062267ce0a47cc23
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02323f517cbf350cfbeb0c3f318ffe39790de6965295fc42d713387882083901
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E41E3EAC29FB945E723A33A6D43286D9009EF7989550E303FCB439E65F701B4D13224
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 543fd9a09f157ac35d2306c4c3e2f2746302e4956d23ab63b0eff1c537af5173
                                                                                                                                                                                                      • Instruction ID: 4c70fd221a42f9f1da000b8ccf875bcd755c4810574a839dce02c8ae3876ddb4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 543fd9a09f157ac35d2306c4c3e2f2746302e4956d23ab63b0eff1c537af5173
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D841F672714A9595FF94DF2AD914569B7A2FB48FC0B89A033EE0EA7B58DE3CD0419300
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d50b344fd40997ef61032572401c2718c2495c47b31e2a68449a733a46fab11f
                                                                                                                                                                                                      • Instruction ID: c6b4260377b8f86c528b148f0b49c6737a8cf8a02c6186061d932305a103a015
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d50b344fd40997ef61032572401c2718c2495c47b31e2a68449a733a46fab11f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91414DA9D1EFA912FB13773A680332796009FF3648E42D71BFDB439AA5D706B5007214
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 5d9d2c5fd83471100f2feedfbff893c455bbbc4bdf4b1e0af4efd3e7f174e415
                                                                                                                                                                                                      • Instruction ID: 10c47402693c25c76c052903ff33ef5c0282866ab59f2a0cdda8701ef5040379
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d9d2c5fd83471100f2feedfbff893c455bbbc4bdf4b1e0af4efd3e7f174e415
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F941252AE2CFD765F35393392403532E2006FF7185A81E72FFCE8B5862EB6453416228
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 9bc15bdfe5e5c72f9702261bba144e0e343f21401ce832241b3f244572d11f43
                                                                                                                                                                                                      • Instruction ID: 47f9284f3a29a2273d1963c6633b64fb88b0b83b620d72365e501452e703c43d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9bc15bdfe5e5c72f9702261bba144e0e343f21401ce832241b3f244572d11f43
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C731A611F1B16AA5FEF4B7675814639D681AF49FD1E864031CD2DB7BA0DE3CA442B320
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: fedd211d85889e38feaba19256e1d820c4023fc72ef2753d8fc0491be41d3aa5
                                                                                                                                                                                                      • Instruction ID: 40a8a7d36158152e24705d4405a176341a7cc0cfce762158b1bb67f8972d04a7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fedd211d85889e38feaba19256e1d820c4023fc72ef2753d8fc0491be41d3aa5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5331692AD2DFD7A1F323973E5007125DA14AFF3285A80E31FF9A834822FB119741A318
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.98278617362.00007FF733400000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279143575.00007FF733659000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279261158.00007FF7336B8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279308206.00007FF7336B9000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279338082.00007FF7336BA000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279367513.00007FF7336C7000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279571871.00007FF7336D4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279726321.00007FF7336EF000.00000020.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      • Associated: 00000008.00000002.98279753964.00007FF7336F1000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,00000000,00007FF7335713AC,?,?,00000000,00007FF733573BA3,?,?,E0000008,00007FF73355A02D,?,?,?,?,00007FF73355A055), ref: 00007FF73357173C
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00000000,00007FF7335713AC,?,?,00000000,00007FF733573BA3,?,?,E0000008,00007FF73355A02D,?,?,?,?,00007FF73355A055), ref: 00007FF733571748
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                      • String ID: MZx$api-ms-$ext-ms-
                                                                                                                                                                                                      • API String ID: 3013587201-2431898299

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                      • API String ID: 4061214504-1276376045

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                      • Opcode ID: 7c1acffd110d4b7a2723ca55418211ff424d7afa9db049cb556b1940badc3297
                                                                                                                                                                                                      • Instruction ID: 0dd9b3a3cfd707ae1a0900c5f0162255fe8aee4b64afad459a1c891a562f096d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c1acffd110d4b7a2723ca55418211ff424d7afa9db049cb556b1940badc3297
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0114822B14F129AFB909B61E8542B873A4FB58759F841A31DA2D927A4EF3CD1548350

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 184 7ff7335488cc-7ff7335488e9 185 7ff7335488eb-7ff7335488ee 184->185 186 7ff733548908-7ff733548912 184->186 185->186 189 7ff7335488f0-7ff7335488fe 185->189 187 7ff733548914-7ff73354892a RtlPcToFileHeader 186->187 188 7ff733548936-7ff733548972 RaiseException 186->188 190 7ff73354892c-7ff73354892f 187->190 191 7ff733548931 187->191 189->186 190->188 190->191 191->188
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF73354733F), ref: 00007FF73354891C
                                                                                                                                                                                                      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF73354733F), ref: 00007FF73354895D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                      • Opcode ID: 3b9b2c36bb67c30cb83322aee829d9a0d145c1af0cc162130ac7f9b084d7e637
                                                                                                                                                                                                      • Instruction ID: 740f483391e4a1bf280df0ab2f206dbe7bb06ebe07c4df5d645fbe26bcff0753
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b9b2c36bb67c30cb83322aee829d9a0d145c1af0cc162130ac7f9b084d7e637
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF119032608B8082EB659F24F400259BBE5FB88B84F984230EECC17758DF3DC411D700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateMutexW.KERNEL32(?,?,?,00007FF733434E78,?,?,?,00007FF73358475D), ref: 00007FF73343498E
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,?,?,00007FF733434E78,?,?,?,00007FF73358475D), ref: 00007FF7334349A5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.98278648396.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateMutexObjectSingleWait
                                                                                                                                                                                                      • String ID: {A946A6A9-917E-4949-B9BC-6BADA8C7FD63}
                                                                                                                                                                                                      • API String ID: 3113225513-1352562265
                                                                                                                                                                                                      • Opcode ID: 660c25fc20bc8be7404943b21a83553d18790ed32bdb0664fc46e80535c2f14d
                                                                                                                                                                                                      • Instruction ID: 367fe3c172576a492e91a87dab07d533d534b49aa1972f9a67fe420f32af024d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 660c25fc20bc8be7404943b21a83553d18790ed32bdb0664fc46e80535c2f14d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36E0D821B0D791C1F7A9AB79B8403B662919F48B00F98C034C59D53390DE3CD482D350

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:2.9%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                      Total number of Nodes:209
                                                                                                                                                                                                      Total number of Limit Nodes:10

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualFree.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,?,-0000000400000000,?,00007FF733490851,00000000), ref: 00007FF733539C1A
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,-0000000400000000,?,00007FF733490851,00000000), ref: 00007FF733539C29
                                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF733539C74
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000009.00000002.98282000514.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Virtual$AllocErrorFreeLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3335258512-0
                                                                                                                                                                                                      • Opcode ID: 315132d2f4196db2e0ef58b7be68630e9b887776c040858538dba58e58013f56
                                                                                                                                                                                                      • Instruction ID: b79008ca1dca5520787996547e7028352799b1a8e36259ebb3c0a9ec0ae1c63b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 315132d2f4196db2e0ef58b7be68630e9b887776c040858538dba58e58013f56
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0481C8A0B09517A6FEF9373198597789692AF91FD2F941438C90E237D0DF3D6484A331

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(?,?,?,?,00000000,00000000,?,00007FF733434CD8,?,?,?,?,?,?,?), ref: 00007FF733460746
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00000000,?,00007FF733434CD8,?,?,?,?,?,?,?), ref: 00007FF733460782
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000009.00000002.98282000514.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseOpen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 47109696-0
                                                                                                                                                                                                      • Opcode ID: e3557ee331a188c7b26bdb85238662f8b9453d79cd719b728d9fec46baa788f3
                                                                                                                                                                                                      • Instruction ID: a9bf8345256c3aa4d60c9f71c1e4f763a9c2b0f84569d12e9ee622809eea9864
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3557ee331a188c7b26bdb85238662f8b9453d79cd719b728d9fec46baa788f3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A01A262B29B5195FBA16F15E85077AB3A0AB84B94F414031EE4F57710DF3CD8509B50

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000009.00000002.98282000514.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                      • Opcode ID: 301c91369949e6c25b39dc262e0779044610a613d1e48da04f9db163c67d1fd5
                                                                                                                                                                                                      • Instruction ID: 72851837223d983194a22dec425c88096fe90bfd73596d554ecf6cf9a2ad440d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 301c91369949e6c25b39dc262e0779044610a613d1e48da04f9db163c67d1fd5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF319336608B819AE7B0DF35E8402AEB7A0FB84794F941135EA9D53B55DF3CC155CB10

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,00000000,00007FF7335713AC,?,?,00000000,00007FF733573BA3,?,?,E0000008,00007FF73355A02D,?,?,?,?,00007FF73355A055), ref: 00007FF73357173C
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00000000,00007FF7335713AC,?,?,00000000,00007FF733573BA3,?,?,E0000008,00007FF73355A02D,?,?,?,?,00007FF73355A055), ref: 00007FF733571748
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000009.00000002.98282000514.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                      • String ID: MZx$api-ms-$ext-ms-
                                                                                                                                                                                                      • API String ID: 3013587201-2431898299
                                                                                                                                                                                                      • Opcode ID: 1c0b51afabdfd2ce2d78c2f91c13fe3ce45fd959fcde41136322f77e61717b62
                                                                                                                                                                                                      • Instruction ID: 56079b1b4df388fbcc17449785d2a814fd3d63779ac6337b84736cfdad3a9408
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c0b51afabdfd2ce2d78c2f91c13fe3ce45fd959fcde41136322f77e61717b62
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B415921B09612A5FAB1EB22A800A75A392BF45BD1FCD5135CD1D6B784EE3CE605E320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000009.00000002.98282000514.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                      • Opcode ID: 8bd0295144ef2525132b3cec3283064c5315c8173e4712c00eba5eb8ce4db0c7
                                                                                                                                                                                                      • Instruction ID: ce9dd3cacedacf2e39bc1bdd509f5fd2cb78a649b828de763395434cf227d438
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8bd0295144ef2525132b3cec3283064c5315c8173e4712c00eba5eb8ce4db0c7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFF0C8A1A19A02D5FB70AB20E8443759361FF45761FD01236D57E161F0CF2CE048E320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000009.00000002.98282000514.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                      • Opcode ID: 7c1acffd110d4b7a2723ca55418211ff424d7afa9db049cb556b1940badc3297
                                                                                                                                                                                                      • Instruction ID: 0dd9b3a3cfd707ae1a0900c5f0162255fe8aee4b64afad459a1c891a562f096d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c1acffd110d4b7a2723ca55418211ff424d7afa9db049cb556b1940badc3297
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0114822B14F129AFB909B61E8542B873A4FB58759F841A31DA2D927A4EF3CD1548350

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 165 7ff7335488cc-7ff7335488e9 166 7ff7335488eb-7ff7335488ee 165->166 167 7ff733548908-7ff733548912 165->167 166->167 170 7ff7335488f0-7ff7335488fe 166->170 168 7ff733548914-7ff73354892a RtlPcToFileHeader 167->168 169 7ff733548936-7ff733548972 RaiseException 167->169 171 7ff73354892c-7ff73354892f 168->171 172 7ff733548931 168->172 170->167 171->169 171->172 172->169
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF73354733F), ref: 00007FF73354891C
                                                                                                                                                                                                      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF73354733F), ref: 00007FF73354895D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000009.00000002.98282000514.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                      • Opcode ID: 3b9b2c36bb67c30cb83322aee829d9a0d145c1af0cc162130ac7f9b084d7e637
                                                                                                                                                                                                      • Instruction ID: 740f483391e4a1bf280df0ab2f206dbe7bb06ebe07c4df5d645fbe26bcff0753
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b9b2c36bb67c30cb83322aee829d9a0d145c1af0cc162130ac7f9b084d7e637
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF119032608B8082EB659F24F400259BBE5FB88B84F984230EECC17758DF3DC411D700

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 173 7ff733434970-7ff73343499b CreateMutexW 174 7ff73343499d-7ff7334349ad WaitForSingleObject 173->174 175 7ff7334349b0-7ff7334349b8 173->175 174->175
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateMutexW.KERNEL32(?,?,?,00007FF733434E78,?,?,?,00007FF73358475D), ref: 00007FF73343498E
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,?,?,00007FF733434E78,?,?,?,00007FF73358475D), ref: 00007FF7334349A5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000009.00000002.98282000514.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateMutexObjectSingleWait
                                                                                                                                                                                                      • String ID: {A946A6A9-917E-4949-B9BC-6BADA8C7FD63}
                                                                                                                                                                                                      • API String ID: 3113225513-1352562265
                                                                                                                                                                                                      • Opcode ID: 660c25fc20bc8be7404943b21a83553d18790ed32bdb0664fc46e80535c2f14d
                                                                                                                                                                                                      • Instruction ID: 367fe3c172576a492e91a87dab07d533d534b49aa1972f9a67fe420f32af024d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 660c25fc20bc8be7404943b21a83553d18790ed32bdb0664fc46e80535c2f14d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36E0D821B0D791C1F7A9AB79B8403B662919F48B00F98C034C59D53390DE3CD482D350

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:2.9%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                      Total number of Nodes:209
                                                                                                                                                                                                      Total number of Limit Nodes:10
1593->1595 1596 7ff733546aa6 1593->1596 1594->1586 1595->1593 1597 7ff733546ab1 1596->1597 1598 7ff733547300 2 API calls 1596->1598 1599 7ff733547320 2 API calls 1597->1599 1598->1597 1600 7ff733546ab7 1599->1600 1616 7ff7334341e0 1617 7ff7334341fb 1616->1617 1619 7ff73343422c 1616->1619 1618 7ff733546a7c 4 API calls 1617->1618 1617->1619 1618->1619 1729 7ff733434ec0 1732 7ff7334349c0 1729->1732 1733 7ff7334349d7 1732->1733 1734 7ff7334349cd ReleaseMutex 1732->1734 1735 7ff7334349ec 1733->1735 1736 7ff7334349e0 CloseHandle 1733->1736 1734->1733 1736->1735 1607 7ff733548730 1610 7ff733548744 1607->1610 1611 7ff733548739 1610->1611 1612 7ff733548767 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 1610->1612 1612->1611

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualFree.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,000027D4002B40A0,-0000000400000000,?,00007FF733490851,00000000), ref: 00007FF733539C1A
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,000027D4002B40A0,-0000000400000000,?,00007FF733490851,00000000), ref: 00007FF733539C29
                                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF733539C74
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000032.00000002.98268524554.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_50_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Virtual$AllocErrorFreeLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3335258512-0
                                                                                                                                                                                                      • Opcode ID: 315132d2f4196db2e0ef58b7be68630e9b887776c040858538dba58e58013f56
                                                                                                                                                                                                      • Instruction ID: b79008ca1dca5520787996547e7028352799b1a8e36259ebb3c0a9ec0ae1c63b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 315132d2f4196db2e0ef58b7be68630e9b887776c040858538dba58e58013f56
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0481C8A0B09517A6FEF9373198597789692AF91FD2F941438C90E237D0DF3D6484A331

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(?,?,?,?,00000000,00000000,?,00007FF733434CD8,?,?,?,?,?,?,?), ref: 00007FF733460746
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00000000,?,00007FF733434CD8,?,?,?,?,?,?,?), ref: 00007FF733460782
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000032.00000002.98268524554.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_50_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseOpen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 47109696-0
                                                                                                                                                                                                      • Opcode ID: e3557ee331a188c7b26bdb85238662f8b9453d79cd719b728d9fec46baa788f3
                                                                                                                                                                                                      • Instruction ID: a9bf8345256c3aa4d60c9f71c1e4f763a9c2b0f84569d12e9ee622809eea9864
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3557ee331a188c7b26bdb85238662f8b9453d79cd719b728d9fec46baa788f3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A01A262B29B5195FBA16F15E85077AB3A0AB84B94F414031EE4F57710DF3CD8509B50

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000032.00000002.98268524554.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_50_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                      • Opcode ID: 301c91369949e6c25b39dc262e0779044610a613d1e48da04f9db163c67d1fd5
                                                                                                                                                                                                      • Instruction ID: 72851837223d983194a22dec425c88096fe90bfd73596d554ecf6cf9a2ad440d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 301c91369949e6c25b39dc262e0779044610a613d1e48da04f9db163c67d1fd5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF319336608B819AE7B0DF35E8402AEB7A0FB84794F941135EA9D53B55DF3CC155CB10

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,00000000,00007FF7335713AC,?,?,00000000,00007FF733573BA3,?,?,E0000008,00007FF73355A02D,?,?,?,?,00007FF73355A055), ref: 00007FF73357173C
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00000000,00007FF7335713AC,?,?,00000000,00007FF733573BA3,?,?,E0000008,00007FF73355A02D,?,?,?,?,00007FF73355A055), ref: 00007FF733571748
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000032.00000002.98268524554.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_50_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                      • String ID: MZx$api-ms-$ext-ms-
                                                                                                                                                                                                      • API String ID: 3013587201-2431898299
                                                                                                                                                                                                      • Opcode ID: 1c0b51afabdfd2ce2d78c2f91c13fe3ce45fd959fcde41136322f77e61717b62
                                                                                                                                                                                                      • Instruction ID: 56079b1b4df388fbcc17449785d2a814fd3d63779ac6337b84736cfdad3a9408
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c0b51afabdfd2ce2d78c2f91c13fe3ce45fd959fcde41136322f77e61717b62
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B415921B09612A5FAB1EB22A800A75A392BF45BD1FCD5135CD1D6B784EE3CE605E320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000032.00000002.98268524554.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_50_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                      • Opcode ID: 8bd0295144ef2525132b3cec3283064c5315c8173e4712c00eba5eb8ce4db0c7
                                                                                                                                                                                                      • Instruction ID: ce9dd3cacedacf2e39bc1bdd509f5fd2cb78a649b828de763395434cf227d438
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8bd0295144ef2525132b3cec3283064c5315c8173e4712c00eba5eb8ce4db0c7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFF0C8A1A19A02D5FB70AB20E8443759361FF45761FD01236D57E161F0CF2CE048E320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000032.00000002.98268524554.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_50_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                      • Opcode ID: 7c1acffd110d4b7a2723ca55418211ff424d7afa9db049cb556b1940badc3297
                                                                                                                                                                                                      • Instruction ID: 0dd9b3a3cfd707ae1a0900c5f0162255fe8aee4b64afad459a1c891a562f096d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c1acffd110d4b7a2723ca55418211ff424d7afa9db049cb556b1940badc3297
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0114822B14F129AFB909B61E8542B873A4FB58759F841A31DA2D927A4EF3CD1548350

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 168 7ff7335488cc-7ff7335488e9 169 7ff7335488eb-7ff7335488ee 168->169 170 7ff733548908-7ff733548912 168->170 169->170 173 7ff7335488f0-7ff7335488fe 169->173 171 7ff733548914-7ff73354892a RtlPcToFileHeader 170->171 172 7ff733548936-7ff733548972 RaiseException 170->172 174 7ff73354892c-7ff73354892f 171->174 175 7ff733548931 171->175 173->170 174->172 174->175 175->172
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF73354733F), ref: 00007FF73354891C
                                                                                                                                                                                                      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF73354733F), ref: 00007FF73354895D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000032.00000002.98268524554.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_50_2_7ff733400000_setup.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                      • Opcode ID: 3b9b2c36bb67c30cb83322aee829d9a0d145c1af0cc162130ac7f9b084d7e637
                                                                                                                                                                                                      • Instruction ID: 740f483391e4a1bf280df0ab2f206dbe7bb06ebe07c4df5d645fbe26bcff0753
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b9b2c36bb67c30cb83322aee829d9a0d145c1af0cc162130ac7f9b084d7e637
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF119032608B8082EB659F24F400259BBE5FB88B84F984230EECC17758DF3DC411D700

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 176 7ff733434970-7ff73343499b CreateMutexW 177 7ff73343499d-7ff7334349ad WaitForSingleObject 176->177 178 7ff7334349b0-7ff7334349b8 176->178 177->178
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateMutexW.KERNEL32(?,?,?,00007FF733434E78,?,?,?,00007FF73358475D), ref: 00007FF73343498E
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,?,?,00007FF733434E78,?,?,?,00007FF73358475D), ref: 00007FF7334349A5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000032.00000002.98268524554.00007FF733401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF733400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_50_2_7ff733400000_setup.jbxd
Similarity
• API ID: CreateMutexObjectSingleWait
• String ID: {A946A6A9-917E-4949-B9BC-6BADA8C7FD63}
• API String ID: 3113225513-1352562265
• Opcode ID: 660c25fc20bc8be7404943b21a83553d18790ed32bdb0664fc46e80535c2f14d
• Instruction ID: 367fe3c172576a492e91a87dab07d533d534b49aa1972f9a67fe420f32af024d
• Opcode Fuzzy Hash: 660c25fc20bc8be7404943b21a83553d18790ed32bdb0664fc46e80535c2f14d
• Instruction Fuzzy Hash: 36E0D821B0D791C1F7A9AB79B8403B662919F48B00F98C034C59D53390DE3CD482D350

Execution Graph

Execution Coverage: 3.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 12.2%
Total number of Nodes: 1023
Total number of Limit Nodes: 9
                                                                                                                                                                                                      execution_graph 34915 ca81b0 34918 ca8210 GetTokenInformation 34915->34918 34919 ca828e GetLastError 34918->34919 34920 ca81e8 34918->34920 34919->34920 34921 ca8299 34919->34921 34922 ca82de GetTokenInformation 34921->34922 34923 ca82b9 34921->34923 34925 ca82a9 34921->34925 34922->34920 34927 ca84a0 47 API calls 34923->34927 34925->34922 34926 ca82c2 34926->34922 34927->34926 34928 cc9ba2 34929 cc9bae 34928->34929 34954 cc96f2 34929->34954 34931 cc9bb5 34932 cc9d08 34931->34932 34942 cc9bdf 34931->34942 35001 cca111 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 34932->35001 34934 cc9d0f 35002 cd9ef2 23 API calls 34934->35002 34936 cc9d15 35003 cd9eb6 23 API calls 34936->35003 34938 cc9d1d 34939 cc9bfe 34940 cc9c7f 34965 cca226 34940->34965 34942->34939 34942->34940 35000 cd9ecc 41 API calls 34942->35000 34943 cc9c85 34969 cb1fe0 GetCommandLineW 34943->34969 34955 cc96fb 34954->34955 35004 cc9d5c IsProcessorFeaturePresent 34955->35004 34957 cc9707 35005 cccbc9 10 API calls 34957->35005 34959 cc970c 34964 cc9710 34959->34964 35006 cda975 34959->35006 34962 cc9727 34962->34931 34964->34931 35071 ccadc0 34965->35071 34968 cca24c 34968->34943 34970 cb2020 34969->34970 35073 ca4f60 LocalAlloc 34970->35073 34972 cb2031 35074 ca8de0 34972->35074 34974 cb2089 34975 cb209d 34974->34975 34976 cb208d 34974->34976 35082 cb1130 LocalAlloc LocalAlloc 34975->35082 35129 ca89d0 81 API calls 34976->35129 34979 cb2096 34981 cb21e6 ExitProcess 34979->34981 34980 cb20a9 35083 cb1450 34980->35083 34987 cb20eb 35101 caae80 34987->35101 34989 cb2174 34995 cb21c8 34989->34995 35107 ca9060 34989->35107 34990 cb2142 34990->34989 34992 ca2af0 42 API calls 34990->34992 34992->34989 34993 cb21af 34994 cb21bb 34993->34994 34993->34995 35130 cb19b0 
CreateFileW SetFilePointer WriteFile CloseHandle 34994->35130 35131 ca40e0 42 API calls 34995->35131 34998 cb21d7 35132 cb21f0 LocalFree LocalFree 34998->35132 35000->34940 35001->34934 35002->34936 35003->34938 35004->34957 35005->34959 35010 ce1b0a 35006->35010 35009 cccbe8 7 API calls 35009->34964 35011 ce1b1a 35010->35011 35012 cc9719 35010->35012 35011->35012 35014 cddcf0 35011->35014 35012->34962 35012->35009 35015 cddcfc 35014->35015 35026 cd8c61 EnterCriticalSection 35015->35026 35017 cddd03 35027 ce2078 35017->35027 35020 cddd21 35042 cddd47 LeaveCriticalSection 35020->35042 35023 cddd1c 35041 cddc3f GetStdHandle GetFileType 35023->35041 35024 cddd32 35024->35011 35026->35017 35028 ce2084 35027->35028 35029 ce20ae 35028->35029 35030 ce208d 35028->35030 35043 cd8c61 EnterCriticalSection 35029->35043 35051 cce440 14 API calls 35030->35051 35033 ce20ba 35039 ce20e6 35033->35039 35044 ce1fc8 35033->35044 35034 ce2092 35052 cce342 41 API calls 35034->35052 35036 cddd12 35036->35020 35040 cddb89 44 API calls 35036->35040 35053 ce210d LeaveCriticalSection 35039->35053 35040->35023 35041->35020 35042->35024 35043->35033 35054 cde125 35044->35054 35046 ce1fda 35050 ce1fe7 35046->35050 35061 cde7da 6 API calls 35046->35061 35062 cdc3f8 35050->35062 35051->35034 35052->35036 35053->35036 35060 cde132 35054->35060 35055 cde172 35069 cce440 14 API calls 35055->35069 35056 cde15d RtlAllocateHeap 35057 cde170 35056->35057 35056->35060 35057->35046 35060->35055 35060->35056 35068 ce1bb2 EnterCriticalSection LeaveCriticalSection 35060->35068 35061->35046 35063 cdc403 HeapFree 35062->35063 35067 cdc42d 35062->35067 35064 cdc418 GetLastError 35063->35064 35063->35067 35065 cdc425 35064->35065 35070 cce440 14 API calls 35065->35070 35067->35033 35068->35060 35069->35057 35070->35067 35072 cca239 GetStartupInfoW 35071->35072 35072->34968 35073->34972 35075 ca8e32 35074->35075 35076 ca8e74 35075->35076 35079 ca8e62 35075->35079 35077 cc9557 5 API calls 35076->35077 35078 ca8e82 
35077->35078 35078->34974 35133 cc9557 35079->35133 35081 ca8e70 35081->34974 35082->34980 35084 cb1464 35083->35084 35089 cb1802 35083->35089 35085 cb1860 35084->35085 35084->35089 35141 ca8620 9 API calls 35085->35141 35087 cb186a RegOpenKeyExW 35088 cb1885 RegQueryValueExW 35087->35088 35087->35089 35088->35089 35090 ca2af0 35089->35090 35091 ca2b11 35090->35091 35091->35091 35142 ca3b90 35091->35142 35093 ca2b29 35094 ca9380 35093->35094 35150 ca2b30 35094->35150 35096 ca93c6 35168 ca9b40 35096->35168 35102 caae8a 35101->35102 35103 caae8d 35101->35103 35102->34990 35104 caae9a 35103->35104 35221 cd2cae 42 API calls 35103->35221 35104->34990 35106 caaead 35106->34990 35108 ca90a9 35107->35108 35109 ca9094 35107->35109 35222 ca6060 GetCurrentProcess OpenProcessToken 35108->35222 35109->34993 35111 ca90bc 35112 ca9196 35111->35112 35115 ca90d6 35111->35115 35113 ca1fe0 62 API calls 35112->35113 35114 ca91bd 35113->35114 35116 ca1fe0 62 API calls 35114->35116 35227 ca1fe0 35115->35227 35118 ca91d2 35116->35118 35120 ca1fe0 62 API calls 35118->35120 35119 ca90ea 35121 ca1fe0 62 API calls 35119->35121 35122 ca91e3 35120->35122 35123 ca9107 35121->35123 35293 ca7800 35122->35293 35124 ca1fe0 62 API calls 35123->35124 35126 ca9115 35124->35126 35246 ca6fe0 35126->35246 35128 ca912d 35128->34993 35129->34979 35130->34995 35131->34998 35132->34981 35134 cc955f 35133->35134 35135 cc9560 IsProcessorFeaturePresent 35133->35135 35134->35081 35137 cc990a 35135->35137 35140 cc98cd SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 35137->35140 35139 cc99ed 35139->35081 35140->35139 35141->35087 35143 ca3c65 35142->35143 35146 ca3ba4 35142->35146 35149 ca3700 42 API calls 35143->35149 35146->35093 35151 ca2b56 35150->35151 35152 ca2c17 35151->35152 35153 ca2b6b 35151->35153 35156 ca2b92 35151->35156 35158 ca2c12 35151->35158 35159 ca2bdc 35151->35159 35206 ca3700 42 API calls 35152->35206 35153->35096 35155 ca2c1c 35207 cce352 41 API calls 
35155->35207 35156->35158 35160 ca2bc4 LocalAlloc 35156->35160 35205 ca3b70 RaiseException 35158->35205 35163 ca2be0 LocalAlloc 35159->35163 35167 ca2bed 35159->35167 35160->35155 35162 ca2bd1 35160->35162 35162->35167 35163->35167 35167->35096 35169 ca9b9a 35168->35169 35176 ca9d02 35168->35176 35173 ca9bc5 35169->35173 35169->35176 35170 ca9ce9 35171 cc9557 5 API calls 35170->35171 35172 ca93db 35171->35172 35195 ca9e60 35172->35195 35174 ca9be2 35173->35174 35175 ca9e41 35173->35175 35178 ca3b90 42 API calls 35174->35178 35215 ca46f0 42 API calls 35175->35215 35176->35170 35179 ca9e4b 35176->35179 35180 ca9d5b 35176->35180 35183 ca9c06 35178->35183 35217 ca46f0 42 API calls 35179->35217 35184 ca3b90 42 API calls 35180->35184 35181 ca9e46 35216 cce352 41 API calls 35181->35216 35208 caa160 45 API calls 35183->35208 35188 ca9d7f 35184->35188 35190 ca3d40 42 API calls 35188->35190 35189 ca9c21 35209 ca3d40 35189->35209 35190->35170 35192 ca9c6a 35192->35170 35192->35181 35193 ca9cde 35192->35193 35193->35170 35194 ca9ce2 LocalFree 35193->35194 35194->35170 35204 ca9edc 35195->35204 35196 ca93f3 35196->34987 35197 caa105 35197->35196 35199 caa11f LocalFree 35197->35199 35198 caa14f 35219 cce352 41 API calls 35198->35219 35199->35196 35201 caa154 35220 ca46f0 42 API calls 35201->35220 35204->35196 35204->35197 35204->35198 35204->35201 35208->35189 35210 ca3d6d 35209->35210 35211 ca3d97 35209->35211 35210->35192 35210->35209 35212 ca3d8a 35210->35212 35218 cce352 41 API calls 35210->35218 35211->35192 35212->35211 35213 ca3d90 LocalFree 35212->35213 35213->35211 35221->35106 35223 ca6081 35222->35223 35224 ca6087 GetTokenInformation 35222->35224 35223->35111 35225 ca60be CloseHandle 35224->35225 35226 ca60b6 35224->35226 35225->35111 35226->35225 35343 ca25b0 35227->35343 35230 ca2119 35362 ca18f0 LocalFree RaiseException 35230->35362 35232 ca20bb 35245 ca20cb 35232->35245 35363 ca18f0 LocalFree RaiseException 35232->35363 35234 ca212d 35235 ca201a 35235->35245 35358 
ca1cd0 10 API calls 35235->35358 35237 ca2058 35238 ca2062 FindResourceW 35237->35238 35237->35245 35239 ca207a 35238->35239 35238->35245 35359 ca1d90 LoadResource LockResource SizeofResource 35239->35359 35241 ca2084 35242 ca20ab 35241->35242 35241->35245 35360 ca2820 41 API calls 35241->35360 35361 cce725 41 API calls 35242->35361 35245->35119 35247 ca6060 4 API calls 35246->35247 35248 ca702a 35247->35248 35249 ca7052 CoInitialize CoCreateInstance 35248->35249 35250 ca7030 35248->35250 35252 ca7095 VariantInit 35249->35252 35254 ca708c 35249->35254 35251 ca7800 85 API calls 35250->35251 35253 ca704a 35251->35253 35255 ca70e3 35252->35255 35257 cc9557 5 API calls 35253->35257 35254->35253 35256 ca7689 CoUninitialize 35254->35256 35259 ca70f2 IUnknown_QueryService 35255->35259 35266 ca70e9 VariantClear 35255->35266 35256->35253 35258 ca76a9 35257->35258 35258->35128 35261 ca7121 35259->35261 35259->35266 35262 ca71aa IUnknown_QueryInterface_Proxy 35261->35262 35261->35266 35263 ca71b9 35262->35263 35262->35266 35264 ca720c IUnknown_QueryInterface_Proxy 35263->35264 35263->35266 35265 ca721b CoAllowSetForegroundWindow 35264->35265 35264->35266 35267 ca722f SysAllocString 35265->35267 35268 ca7292 SysAllocString 35265->35268 35266->35254 35272 ca725a 35267->35272 35273 ca7262 SysAllocString 35267->35273 35268->35267 35269 ca76b2 35268->35269 35422 ca18f0 LocalFree RaiseException 35269->35422 35272->35269 35272->35273 35275 ca72ab VariantInit 35273->35275 35276 ca7288 35273->35276 35274 ca76c6 35274->35128 35288 ca7331 35275->35288 35276->35269 35276->35275 35277 ca7337 VariantClear VariantClear VariantClear VariantClear SysFreeString 35277->35266 35279 ca3b90 42 API calls 35279->35288 35282 ca3d40 42 API calls 35282->35288 35283 ca76ad 35421 cce352 41 API calls 35283->35421 35284 ca7428 LocalFree 35284->35288 35286 ca747d OpenProcess WaitForSingleObject 35286->35288 35289 ca74b2 GetExitCodeProcess 35286->35289 35287 ca746d 35287->35286 35420 ca6b60 10 API calls 
35287->35420 35288->35277 35288->35279 35288->35282 35288->35283 35288->35284 35288->35286 35288->35287 35291 ca74cc CloseHandle 35288->35291 35292 ca7517 LocalFree 35288->35292 35370 ca4180 35288->35370 35398 ca62c0 CreateToolhelp32Snapshot 35288->35398 35289->35288 35291->35288 35292->35288 35294 ca7874 35293->35294 36187 ca2130 42 API calls 35294->36187 35296 ca788c 36188 ca2130 42 API calls 35296->36188 35298 ca78a3 36189 ca7fb0 54 API calls 35298->36189 35300 ca78bb 35301 ca7c8b 35300->35301 35303 ca78ea 35300->35303 36190 ca2820 41 API calls 35300->36190 36198 ca18f0 LocalFree RaiseException 35301->36198 36191 cd2ac9 43 API calls 35303->36191 35305 ca7c95 GetWindowThreadProcessId 35307 ca7cbe GetWindowLongW 35305->35307 35308 ca7cf1 35305->35308 35307->35128 35308->35128 35309 ca78f8 35309->35301 35310 ca7909 35309->35310 36192 ca2130 42 API calls 35310->36192 35312 ca7a08 35313 ca7a5d GetForegroundWindow 35312->35313 35314 ca7a66 35312->35314 35313->35314 35315 ca7a76 ShellExecuteExW 35314->35315 35316 ca7a87 35315->35316 35317 ca7a90 35315->35317 36195 ca7e40 6 API calls 35316->36195 35320 ca7acb 35317->35320 35322 ca7aa6 ShellExecuteExW 35317->35322 35318 ca79cf GetWindowsDirectoryW 36193 ca1960 65 API calls 35318->36193 35327 ca7bae 35320->35327 35328 ca7af7 GetModuleHandleW GetProcAddress 35320->35328 35322->35320 35323 ca7ac2 35322->35323 36196 ca7e40 6 API calls 35323->36196 35324 ca79f0 36194 ca1960 65 API calls 35324->36194 35330 ca7bd8 35327->35330 35331 ca7bc2 WaitForSingleObject GetExitCodeProcess 35327->35331 35332 ca7b1b AllowSetForegroundWindow 35328->35332 35329 ca791e 35329->35312 35329->35318 36197 ca7f30 CloseHandle 35330->36197 35331->35330 35332->35327 35335 ca7b2f 35332->35335 35335->35327 35337 ca7b38 GetModuleHandleW GetProcAddress 35335->35337 35336 ca7be7 35338 cc9557 5 API calls 35336->35338 35337->35327 35340 ca7b56 35337->35340 35339 ca7c83 35338->35339 35339->35128 35340->35327 35341 ca7b6c Sleep EnumWindows 35340->35341 
35341->35340 35342 ca7b98 SetWindowPos 35341->35342 35342->35327 35344 ca25e8 35343->35344 35356 ca263c 35343->35356 35364 cc9618 AcquireSRWLockExclusive ReleaseSRWLockExclusive SleepConditionVariableSRW 35344->35364 35346 ca25f2 35348 ca25fe GetProcessHeap 35346->35348 35346->35356 35365 cc98b8 44 API calls 35348->35365 35350 ca2656 35357 ca2010 35350->35357 35368 cc98b8 44 API calls 35350->35368 35352 ca262b 35366 cc95c7 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 35352->35366 35353 ca26b6 35369 cc95c7 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 35353->35369 35356->35357 35367 cc9618 AcquireSRWLockExclusive ReleaseSRWLockExclusive SleepConditionVariableSRW 35356->35367 35357->35230 35357->35235 35358->35237 35359->35241 35360->35242 35361->35232 35362->35232 35363->35234 35364->35346 35365->35352 35366->35356 35367->35350 35368->35353 35369->35357 35423 ca4390 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 35370->35423 35372 ca4200 35373 ca4209 35372->35373 35376 ca42ef 35372->35376 35374 ca435c 35373->35374 35375 ca4233 35373->35375 35425 ca46f0 42 API calls 35374->35425 35379 ca3b90 42 API calls 35375->35379 35380 ca42d9 35376->35380 35381 ca4335 35376->35381 35377 cc9557 5 API calls 35382 ca4358 35377->35382 35384 ca4253 35379->35384 35380->35377 35424 ca4860 45 API calls 35381->35424 35382->35288 35383 ca4361 35426 cce352 41 API calls 35383->35426 35387 ca3d40 42 API calls 35384->35387 35390 ca4268 35384->35390 35387->35390 35389 ca42ce 35389->35380 35393 ca42d2 LocalFree 35389->35393 35390->35380 35390->35383 35390->35389 35393->35380 35399 ca635a CloseHandle 35398->35399 35400 ca6388 35398->35400 35401 ca6585 35399->35401 35402 ca639b Process32FirstW 35400->35402 35405 cc9557 5 API calls 35401->35405 35403 ca6552 35402->35403 35404 ca63c3 OpenProcess 35402->35404 35403->35401 35406 ca6574 CloseHandle 35403->35406 35415 ca63f5 
35404->35415 35407 ca65d1 35405->35407 35406->35401 35407->35288 35408 ca6527 CloseHandle 35410 ca6537 Process32NextW 35408->35410 35410->35403 35410->35404 35411 ca3b90 42 API calls 35411->35415 35412 ca65d5 35458 cb26ca RaiseException 35412->35458 35415->35408 35415->35410 35415->35411 35415->35412 35416 ca3d40 42 API calls 35415->35416 35417 ca64ff 35415->35417 35427 ca66b0 35415->35427 35453 ca6f60 35415->35453 35416->35415 35457 ca6d30 49 API calls 35417->35457 35420->35287 35422->35274 35423->35372 35424->35380 35459 ca6160 GetSystemDirectoryW 35427->35459 35430 ca6730 GetProcAddress 35431 ca69bc GetLastError 35430->35431 35432 ca6746 NtQueryInformationProcess 35430->35432 35447 ca67b6 35431->35447 35438 ca6773 35432->35438 35432->35447 35433 ca6a14 FreeLibrary 35434 ca6a25 35433->35434 35435 cc9557 5 API calls 35434->35435 35437 ca6a3e 35435->35437 35437->35415 35439 ca6786 ReadProcessMemory 35438->35439 35440 ca67ec 35439->35440 35439->35447 35441 ca67f9 ReadProcessMemory 35440->35441 35442 ca6853 35441->35442 35441->35447 35443 ca68b5 35442->35443 35442->35447 35473 ca4620 45 API calls 35442->35473 35444 ca68d8 ReadProcessMemory 35443->35444 35446 ca691f 35444->35446 35444->35447 35446->35447 35448 ca6962 35446->35448 35449 ca6a42 35446->35449 35447->35433 35447->35434 35448->35447 35450 ca6966 LocalFree 35448->35450 35474 cce352 41 API calls 35449->35474 35450->35447 35454 ca6f75 35453->35454 35477 caaf70 35454->35477 35457->35415 35460 ca61d3 35459->35460 35466 ca6225 35459->35466 35461 ca1fe0 62 API calls 35460->35461 35460->35466 35462 ca61e6 35461->35462 35475 ca2890 43 API calls 35462->35475 35463 ca627b GetLastError 35464 ca6284 35463->35464 35467 cc9557 5 API calls 35464->35467 35466->35463 35466->35464 35468 ca62a8 35467->35468 35468->35430 35468->35447 35469 ca61f9 35476 ca2890 43 API calls 35469->35476 35471 ca6208 35471->35466 35472 ca621a LoadLibraryExW 35471->35472 35472->35466 35473->35444 35475->35469 35476->35471 35482 cad000 35477->35482 
35479 ca6fa9 35479->35415 35480 cab810 74 API calls 35481 caafa8 35480->35481 35481->35479 35481->35480 35517 cb67d7 35482->35517 35484 cad046 35523 ca33a0 35484->35523 35486 cad070 35542 cacd50 35486->35542 35488 cad083 35489 cad0b7 35488->35489 35490 cad0ac 35488->35490 35492 cad0ea 35488->35492 35491 cc9557 5 API calls 35489->35491 35490->35489 35493 cad0b0 LocalFree 35490->35493 35494 cad0e1 35491->35494 35606 cce352 41 API calls 35492->35606 35493->35489 35494->35481 35607 ca8700 LocalAlloc 35517->35607 35519 cb67e2 35520 cb67f6 35519->35520 35608 cb655b 14 API calls 35519->35608 35520->35484 35522 cb67f4 35522->35484 35524 ca345f 35523->35524 35525 ca33b4 35523->35525 35609 ca3700 42 API calls 35524->35609 35526 ca33b9 35525->35526 35529 ca33e9 LocalAlloc 35525->35529 35532 ca342b 35525->35532 35533 ca3422 35525->35533 35526->35486 35528 ca3464 35610 ca3b70 RaiseException 35528->35610 35534 ca3469 35529->35534 35535 ca3403 35529->35535 35536 ca342f LocalAlloc 35532->35536 35538 ca343c 35532->35538 35533->35528 35533->35529 35611 cce352 41 API calls 35534->35611 35535->35538 35536->35538 35538->35486 35612 cb6674 35542->35612 35544 cacd88 35624 cb68b7 35544->35624 35550 cb67d7 15 API calls 35551 cad046 35550->35551 35552 ca33a0 44 API calls 35551->35552 35554 cad070 35552->35554 35556 cacd50 107 API calls 35554->35556 35558 cad083 35556->35558 35560 cad0b7 35558->35560 35563 cad0ac 35558->35563 35568 cad0ea 35558->35568 35566 cc9557 5 API calls 35560->35566 35561 cacef8 35565 cacf13 35561->35565 35713 ccdfa3 14 API calls 35561->35713 35562 cace6f 35578 cace59 35562->35578 35711 ccdfa3 14 API calls 35562->35711 35563->35560 35569 cad0b0 LocalFree 35563->35569 35572 cacf2e 35565->35572 35714 ccdfa3 14 API calls 35565->35714 35571 cad0e1 35566->35571 35725 cce352 41 API calls 35568->35725 35569->35560 35571->35488 35573 cacf49 35572->35573 35715 ccdfa3 14 API calls 35572->35715 35577 cacf64 35573->35577 35716 ccdfa3 14 API calls 35573->35716 35581 cacf7f 
35577->35581 35717 ccdfa3 14 API calls 35577->35717 35578->35578 35702 cb67bd 35578->35702 35718 cb690f 35581->35718 35585 cacf95 35586 cacfa9 35585->35586 35706 cb2727 35585->35706 35586->35488 35607->35519 35608->35522 35613 cb6680 35612->35613 35614 cb68b7 7 API calls 35613->35614 35615 cb668b 35614->35615 35616 cb66bc 35615->35616 35617 cb67d7 15 API calls 35615->35617 35618 cb690f 2 API calls 35616->35618 35619 cb669e 35617->35619 35620 cb66f9 35618->35620 35726 cb67fa 43 API calls 35619->35726 35620->35544 35622 cb66a6 35727 cacc30 35622->35727 35625 cb68cd 35624->35625 35626 cb68c6 35624->35626 35628 cacdaf 35625->35628 35732 cc8cf7 EnterCriticalSection 35625->35732 35731 cd8cc8 6 API calls 35626->35731 35628->35585 35630 cb4bd3 35628->35630 35733 cd8baf 35630->35733 35633 cacc30 14 API calls 35634 cb4bf7 35633->35634 35738 cb4b3d 35634->35738 35636 cace15 35636->35578 35637 cb4c09 35636->35637 35638 cb4c15 35637->35638 35669 cb4c5c 35638->35669 36151 cac020 35638->36151 35640 cb4da9 35755 cc6ac2 35640->35755 35641 cb4d57 35641->35640 35645 cac020 9 API calls 35641->35645 35643 cac020 9 API calls 35648 cb4c86 35643->35648 35651 cb4d7f 35645->35651 35646 cb4c61 36169 cac8e0 79 API calls 35646->36169 35647 cb4c36 36157 ca8700 LocalAlloc 35647->36157 35653 cb4cab 35648->35653 35654 cb4c8d 35648->35654 35650 cb4dcd 35849 cbebd4 35650->35849 35658 cb4dae 35651->35658 35659 cb4d85 35651->35659 36171 cb40c9 72 API calls 35653->36171 36170 ca8700 LocalAlloc 35654->36170 35656 cb4c67 35663 cb4a74 10 API calls 35656->35663 36178 cb4034 72 API calls 35658->36178 36177 ca8700 LocalAlloc 35659->36177 35660 cb4c3d 35666 cb4c50 35660->35666 36158 cac3f0 41 API calls 35660->36158 35663->35669 35664 cb4dd8 36000 cbe6f8 35664->36000 36159 cb4a74 35666->36159 35667 cb4c94 35674 cb4a74 10 API calls 35667->35674 35668 cb4db4 35673 cb4a74 10 API calls 35668->35673 35669->35641 35669->35643 35671 cb4d8c 35680 cb4a74 10 API calls 35671->35680 35673->35640 35677 cb4cbe 35674->35677 
35675 cb4de4 35679 cacc30 14 API calls 35675->35679 35678 cac020 9 API calls 35677->35678 35681 cb4ccb 35678->35681 35682 cb4dfd 35679->35682 35680->35640 35683 cb4cd2 35681->35683 35684 cb4cf0 35681->35684 35682->35562 36172 ca8700 LocalAlloc 35683->36172 36173 cb415e 72 API calls 35684->36173 35687 cb4cd9 35688 cb4a74 10 API calls 35687->35688 35689 cb4d01 35688->35689 35690 cac020 9 API calls 35689->35690 35691 cb4d0e 35690->35691 35692 cb4d5c 35691->35692 35693 cb4d12 35691->35693 36176 cb41f3 72 API calls 35692->36176 36174 ca8700 LocalAlloc 35693->36174 35696 cb4d64 35698 cb4a74 10 API calls 35696->35698 35697 cb4d1c 35699 cb4d45 35697->35699 36175 cb46a5 42 API calls 35697->36175 35698->35641 35701 cb4a74 10 API calls 35699->35701 35701->35641 35703 cb67c9 35702->35703 35704 cacee4 35702->35704 35705 cd8baf 68 API calls 35703->35705 35704->35561 35712 ccdfa3 14 API calls 35704->35712 35705->35704 36179 cb263a 35706->36179 35710 cacff3 35710->35550 35711->35578 35712->35561 35713->35565 35714->35572 35715->35573 35716->35577 35717->35581 35719 cb6919 35718->35719 35720 cd8cd6 35718->35720 35721 cb692c 35719->35721 36185 cc8d05 LeaveCriticalSection 35719->36185 36186 cd8cb1 LeaveCriticalSection 35720->36186 35721->35585 35724 cd8cdd 35724->35585 35726->35622 35728 cacc60 35727->35728 35730 cacc6a 35727->35730 35729 ccdfa3 14 API calls 35728->35729 35728->35730 35729->35730 35730->35616 35731->35628 35732->35628 35734 cde935 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 35733->35734 35735 cd8bbc 35734->35735 35736 cd895a 68 API calls 35735->35736 35737 cb4bdf 35736->35737 35737->35633 35739 cb4bc8 35738->35739 35751 cb4b4b 35738->35751 35740 cb2727 42 API calls 35739->35740 35741 cb4bd2 35740->35741 35743 cd8baf 68 API calls 35741->35743 35742 cd8baf 68 API calls 35745 cb4b8f 35742->35745 35744 cb4bdf 35743->35744 35750 cacc30 14 API calls 35744->35750 35746 cacc30 14 API calls 35745->35746 35748 cb4bc2 35745->35748 35746->35748 35747 
cb4b5d 35747->35742 35748->35636 35749 cd8baf 68 API calls 35749->35751 35752 cb4bf7 35750->35752 35751->35745 35751->35747 35751->35749 35753 cb4b3d 69 API calls 35752->35753 35754 cb4c03 35753->35754 35754->35636 35756 cc6ace 35755->35756 35757 cc57a2 76 API calls 35756->35757 35758 cc6ada 35757->35758 35759 cc6b31 35758->35759 35760 cac020 9 API calls 35758->35760 35761 cc6b85 35759->35761 35762 cac020 9 API calls 35759->35762 35764 cc6af7 35760->35764 35763 cc6cf8 35761->35763 35766 cac020 9 API calls 35761->35766 35765 cc6b5b 35762->35765 35767 cc6db0 35763->35767 35770 cac020 9 API calls 35763->35770 35768 cc6afb 35764->35768 35769 cc6b36 35764->35769 35772 cc6b8a 35765->35772 35773 cc6b61 35765->35773 35774 cc6bb1 35766->35774 35767->35650 35771 ca8700 LocalAlloc 35768->35771 35775 cc51dc 76 API calls 35769->35775 35776 cc6d26 35770->35776 35777 cc6b05 35771->35777 35781 cc5271 72 API calls 35772->35781 35778 ca8700 LocalAlloc 35773->35778 35779 cc6bb8 35774->35779 35780 cc6bd6 35774->35780 35782 cc6b3e 35775->35782 35783 cc6d2c 35776->35783 35784 cc6d57 35776->35784 35785 cc6b1d 35777->35785 35792 cc8f53 41 API calls 35777->35792 35786 cc6b68 35778->35786 35787 ca8700 LocalAlloc 35779->35787 35788 cc5306 72 API calls 35780->35788 35789 cc6b90 35781->35789 35790 cb4a74 10 API calls 35782->35790 35791 ca8700 LocalAlloc 35783->35791 35793 cc555a 73 API calls 35784->35793 35797 cb4a74 10 API calls 35785->35797 35799 cb4a74 10 API calls 35786->35799 35794 cc6bbf 35787->35794 35788->35794 35795 cb4a74 10 API calls 35789->35795 35790->35759 35796 cc6d33 35791->35796 35792->35785 35798 cc6d4d 35793->35798 35800 cb4a74 10 API calls 35794->35800 35795->35761 35796->35798 35801 cc5684 44 API calls 35796->35801 35797->35759 35802 cb4a74 10 API calls 35798->35802 35799->35761 35803 cc6be9 35800->35803 35801->35798 35804 cc6d68 35802->35804 35805 cac020 9 API calls 35803->35805 35806 cac020 9 API calls 35804->35806 35807 cc6bf6 35805->35807 35808 cc6d75 35806->35808 

Control-flow Graph (graph omitted; entry block ca6fe0-ca702e; node legend: Executed / Not Executed)
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CA6060: GetCurrentProcess.KERNEL32(00000008,?,1EC26200), ref: 00CA6070
                                                                                                                                                                                                        • Part of subcall function 00CA6060: OpenProcessToken.ADVAPI32(00000000), ref: 00CA6077
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00CA7052
                                                                                                                                                                                                      • CoCreateInstance.OLE32(00CEED30,00000000,00000004,00CF9370,00000000,?), ref: 00CA7082
                                                                                                                                                                                                      • CoUninitialize.COMBASE ref: 00CA7689
                                                                                                                                                                                                        • Part of subcall function 00CA18F0: LocalFree.KERNEL32(?,1EC26200,?,00000000,00CEA160,000000FF,?,?,00CFF358,?,?,00CA1E54,80004005), ref: 00CA193C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
• Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
• Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CreateCurrentFreeInitializeInstanceLocalOpenTokenUninitialize
                                                                                                                                                                                                      • String ID: $
                                                                                                                                                                                                      • API String ID: 3404539012-3993045852
                                                                                                                                                                                                      • Opcode ID: f37cee594d5504af5718b9139d2569f1eded792bfd9bb08b364ff94973b2c034
                                                                                                                                                                                                      • Instruction ID: bd222dc6b39d2f20fccd57f9daa299a8b499ff0087b92010ea537dd551e3943f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f37cee594d5504af5718b9139d2569f1eded792bfd9bb08b364ff94973b2c034
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B32B070A08299DFDF15CFA8CC48BADBBB8BF0A308F144299E405EB291D7749E45CB51

Control-flow Graph (graph omitted; entry block ca66b0-ca672a; node legend: Executed / Not Executed)
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CA6160: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00CA61C5
                                                                                                                                                                                                        • Part of subcall function 00CA6160: LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,000000FF,00CEAA0D,000000FF), ref: 00CA621F
                                                                                                                                                                                                        • Part of subcall function 00CA6160: GetLastError.KERNEL32(?,?,?,000000FF,00CEAA0D,000000FF), ref: 00CA627B
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 00CA6736
                                                                                                                                                                                                      • NtQueryInformationProcess.NTDLL ref: 00CA6761
                                                                                                                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,000001D8,00000000), ref: 00CA67A4
                                                                                                                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,00000048,00000000), ref: 00CA680B
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00CA69BC
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00CA6A15
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • NtQueryInformationProcess, xrefs: 00CA6730
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
• Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
• Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$ErrorLastLibraryMemoryRead$AddressDirectoryFreeInformationLoadProcQuerySystem
                                                                                                                                                                                                      • String ID: NtQueryInformationProcess
                                                                                                                                                                                                      • API String ID: 862929643-2781105232
                                                                                                                                                                                                      • Opcode ID: 26f4927b5fb55d3bdd29dad5668da62a7b67c9c9d482deb95650e0169381ca32
                                                                                                                                                                                                      • Instruction ID: 48d9c4fc6638e21f480882d388ed1d672b1a0888babed4920a5fcbc547177c17
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26f4927b5fb55d3bdd29dad5668da62a7b67c9c9d482deb95650e0169381ca32
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1EB15D70D10759DADB20CF64C8487AEBBB4FF49308F24465DE449A7290E7B5AAC8CB91

Control-flow Graph (graph omitted; entry block ca62c0-ca6358; node legend: Executed / Not Executed)
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,1EC26200), ref: 00CA6332
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00CA6373
                                                                                                                                                                                                      • Process32FirstW.KERNEL32(?,0000022C), ref: 00CA63B5
                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00CA63D0
                                                                                                                                                                                                      • CloseHandle.KERNELBASE(?), ref: 00CA6527
                                                                                                                                                                                                      • Process32NextW.KERNEL32(?,0000022C), ref: 00CA6544
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00CA6575
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandle$Process32$CreateFirstNextOpenProcessSnapshotToolhelp32
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 708755948-0

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,00CF9719,00000000,00CF9719), ref: 00CAD0B1
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00000010,00000000,1EC26200,00CF9719), ref: 00CAD286
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLocal
                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                      • API String ID: 2826327444-1405518554

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,?,1EC26200), ref: 00CA6070
                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00CA6077
                                                                                                                                                                                                      • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 00CA60AC
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00CA60C2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 215268677-0

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCommandLineW.KERNEL32(1EC26200,?,0000FFFF), ref: 00CB200D
                                                                                                                                                                                                        • Part of subcall function 00CA4F60: LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,00000000,00000000,?,?), ref: 00CA4F7D
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00CB21E7
                                                                                                                                                                                                        • Part of subcall function 00CA89D0: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00CA8A4D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocCommandCreateExitFileLineLocalProcess
                                                                                                                                                                                                      • String ID: Full command line:
                                                                                                                                                                                                      • API String ID: 1878577176-831861440

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00CA81E8,1EC26200), ref: 00CA8284
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,00000000,00000000,00CA81E8,1EC26200), ref: 00CA828E
                                                                                                                                                                                                      • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000000,00000000,?,TokenIntegrityLevel,00000000,00000000,00CA81E8,1EC26200), ref: 00CA82EA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InformationToken$ErrorLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2567405617-0

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,?,?,?,00CDC9B7,00000001,00000364,?,00000006,000000FF,?,00CCE012,?,?,?), ref: 00CDE166
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1279760036-0

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,?,?,00CDC47A,?,00000000,?,00CCE012,?,?,?,?,?,?,00CA164E), ref: 00CDCB3C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1279760036-0

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,00CF9719,00000000,00CF9719), ref: 00CAD0B1
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00000010,00000000,1EC26200,00CF9719), ref: 00CAD286
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLocal
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2826327444-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(00000010,00000104,?,?,?), ref: 00CA79D8
                                                                                                                                                                                                      • GetForegroundWindow.USER32(?,?,?), ref: 00CA7A5D
                                                                                                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00CA7A7A
                                                                                                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00CA7AB8
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?), ref: 00CA7B01
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00CA7B08
                                                                                                                                                                                                      • AllowSetForegroundWindow.USER32(00000000), ref: 00CA7B1E
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?), ref: 00CA7B42
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00CA7B49
                                                                                                                                                                                                      • Sleep.KERNEL32(00000064,?,?,?,?), ref: 00CA7B6E
                                                                                                                                                                                                      • EnumWindows.USER32(00CA7CA0,?), ref: 00CA7B8A
                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00004003,?,?,?,?), ref: 00CA7BA8
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?), ref: 00CA7BC5
                                                                                                                                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00CA7BD2
                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 00CA7CAC
                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00CA7CC4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$AddressExecuteForegroundHandleModuleProcProcessShellWindows$AllowCodeDirectoryEnumExitLongObjectSingleSleepThreadWait
                                                                                                                                                                                                      • String ID: %s\System32\cmd.exe$.bat$.cmd$/C ""%s" %s"$GetProcessId$Kernel32.dll$open$runas
                                                                                                                                                                                                      • API String ID: 3646750338-986041216
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,00CE44C7,00000002,00000000,?,?,?,00CE44C7,?,00000000), ref: 00CE4242
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,00CE44C7,00000002,00000000,?,?,?,00CE44C7,?,00000000), ref: 00CE426B
                                                                                                                                                                                                      • GetACP.KERNEL32(?,?,00CE44C7,?,00000000), ref: 00CE4280
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                                                                                      • Opcode ID: 0b56cc1edaacba628bc9dd3cef2b409a05accd39bb060e1192edca3c30fa0a9c
                                                                                                                                                                                                      • Instruction ID: e15d4da75a548501e4fb35bef095f041e377c4e73de1cc712e6425121be6f440
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b56cc1edaacba628bc9dd3cef2b409a05accd39bb060e1192edca3c30fa0a9c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18218372A00280A6DB3CCF57D905B9B72A6EF94B51B568524FB2ADB111E732DE81C350
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CDC819: GetLastError.KERNEL32(?,00000008,00CE0950), ref: 00CDC81D
                                                                                                                                                                                                        • Part of subcall function 00CDC819: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00CDC8BF
                                                                                                                                                                                                      • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00CE448A
                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 00CE44D3
                                                                                                                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 00CE44E2
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00CE452A
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00CE4549
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 415426439-0
                                                                                                                                                                                                      • Opcode ID: bd84ec7f551b6a7123d97724d1f069f0b0f7b9e0284f14bd07c7a7e05b40fd5b
                                                                                                                                                                                                      • Instruction ID: 8775e3c5c916c162fb62f38dc8fcad7fec27266416df954b56689ec39601f085
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd84ec7f551b6a7123d97724d1f069f0b0f7b9e0284f14bd07c7a7e05b40fd5b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC518171A00295ABDB14DFA6CC45BBE73B8BF48700F144569FA20EB2D1E7709A44DB61
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CDC819: GetLastError.KERNEL32(?,00000008,00CE0950), ref: 00CDC81D
                                                                                                                                                                                                        • Part of subcall function 00CDC819: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00CDC8BF
                                                                                                                                                                                                      • GetACP.KERNEL32(?,?,?,?,?,?,00CDB314,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00CE3AC0
                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00CDB314,?,?,?,00000055,?,-00000050,?,?), ref: 00CE3AEB
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00CE3C54
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                                                                      • String ID: utf8
                                                                                                                                                                                                      • API String ID: 607553120-905460609
                                                                                                                                                                                                      • Opcode ID: f6214adceb24d95606512120d1df1982c75d4345fc2781c4d676fa3557ffbeef
                                                                                                                                                                                                      • Instruction ID: 4fea02349c25b87673c862414539a98dbb871160680cbb12c50cdbfd17a11668
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f6214adceb24d95606512120d1df1982c75d4345fc2781c4d676fa3557ffbeef
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A071D2316047C6ABDB24AB77CC8AFAA73A8AF44700F15403AF556D7181EB74FB40A761
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00CAD6AF
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?,?,?,?,?,?), ref: 00CAD8FF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLocal
                                                                                                                                                                                                      • String ID: %$+
                                                                                                                                                                                                      • API String ID: 2826327444-2626897407
                                                                                                                                                                                                      • Opcode ID: de02be0e41e0a48cd5b7d331962dffbed7517bb559215f4e378ff20de3b18516
                                                                                                                                                                                                      • Instruction ID: 406e8950398460454be205de8acb4d54ca6eac9b6ad5caa3b6549d3f40934d4a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: de02be0e41e0a48cd5b7d331962dffbed7517bb559215f4e378ff20de3b18516
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB02E171D1021A9FCF15DFA8CC44BAEBBB5FF4A308F144229F816AB681DB349945CB91
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00CCA11D
                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 00CCA1E9
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00CCA202
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 00CCA20C
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 254469556-0
                                                                                                                                                                                                      • Opcode ID: 6d5ccd8f1f73a545b82f0fd5173d144215ce230d2e574a083b4ed4c90ff7a8ab
                                                                                                                                                                                                      • Instruction ID: dc0435bfcae331286a9e90691a965ae4d06a9e3e76ec28cd8d98d9866adadc86
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d5ccd8f1f73a545b82f0fd5173d144215ce230d2e574a083b4ed4c90ff7a8ab
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC31D975D0122C9BDF21DFA4D989BCDBBB8AF08304F1041AAE50DAB250EB719B859F45
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00CC99ED,00CF07F4), ref: 00CC98D2
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(00CC99ED,?,00CC99ED,00CF07F4), ref: 00CC98DB
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409,?,00CC99ED,00CF07F4), ref: 00CC98E6
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,00CC99ED,00CF07F4), ref: 00CC98ED
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3231755760-0
                                                                                                                                                                                                      • Opcode ID: 926303d6f592df4c5e35b009b336b8619bdc9a74ea3050557336344bf47ba5ec
                                                                                                                                                                                                      • Instruction ID: ad19187f83b783d1905792a6fc6b9608c63b4c09e3c6a15f6c8bcfcc7076fa3c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 926303d6f592df4c5e35b009b336b8619bdc9a74ea3050557336344bf47ba5ec
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4D0EA72044298AFEA002BE1ED8DB6D3F28AB08696F044410F70A8A562DA7555959B66
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,00000000,00000002,?,?,00CA32E0,?), ref: 00CB27D5
                                                                                                                                                                                                      • FormatMessageA.KERNEL32(00001300,00000000,1EC26200,00000000,00000000,00000000,00000000,?,?,?,00CA32E0,?), ref: 00CB27FC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FormatInfoLocaleMessage
                                                                                                                                                                                                      • String ID: !x-sys-default-locale
                                                                                                                                                                                                      • API String ID: 4235545615-2729719199
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CDC819: GetLastError.KERNEL32(?,00000008,00CE0950), ref: 00CDC81D
                                                                                                                                                                                                        • Part of subcall function 00CDC819: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00CDC8BF
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00CE3E74
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00CE3EBE
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00CE3F84
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 661929714-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,1EC26200,00000001,00000000,?,00000000,00CEA200,000000FF,?,00CA1D3C,?,?,?,00000000,?), ref: 00CA1DBB
                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,00CA1D3C,?,?,?,00000000,?,-00000010,00CEA1E0,000000FF,?,00CA2058,?,00000000,00CEA22D), ref: 00CA1DC6
                                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000,?,00CA1D3C,?,?,?,00000000,?,-00000010,00CEA1E0,000000FF,?,00CA2058,?,00000000), ref: 00CA1DD4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2853612939-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00CDEFE9,00000000,00000000,00000000), ref: 00CDEEA8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InformationTimeZone
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 565725191-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00CC9D72
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FeaturePresentProcessor
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2325560087-0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CDC819: GetLastError.KERNEL32(?,00000008,00CE0950), ref: 00CDC81D
                                                                                                                                                                                                        • Part of subcall function 00CDC819: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00CDC8BF
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00CE40D4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                                                      • Opcode ID: 0b0c0f8a497747f9052fa8fbe7df816e08a8ced52305561e0fa658245c5eb7e4
                                                                                                                                                                                                      • Instruction ID: cb817c84df25df76e4d541762c88cdcb4310249bf8fe138629e3d3c1c9eec607
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b0c0f8a497747f9052fa8fbe7df816e08a8ced52305561e0fa658245c5eb7e4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01218372600286ABDF2C9E16DC81EBE77A8EF64354F11407AF915D6241EB349D80A650
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CDC819: GetLastError.KERNEL32(?,00000008,00CE0950), ref: 00CDC81D
                                                                                                                                                                                                        • Part of subcall function 00CDC819: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00CDC8BF
                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00CE3E20,00000001,00000000,?,-00000050,?,00CE445E,00000000,?,?,?,00000055,?), ref: 00CE3D64
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                                      • Opcode ID: e35d445094f6f1fa7885e25a3e18aabe14061b8e5a3ee220693cf27e2c584f87
                                                                                                                                                                                                      • Instruction ID: dd4f018a9260046695cb7c8047f6441241f01650417c0e11705799a4b68efc8b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e35d445094f6f1fa7885e25a3e18aabe14061b8e5a3ee220693cf27e2c584f87
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 001125362103459FDB18AF3ACC956BABBA2FF84358B14442DE94687A40D375BB42CB40
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CDC819: GetLastError.KERNEL32(?,00000008,00CE0950), ref: 00CDC81D
                                                                                                                                                                                                        • Part of subcall function 00CDC819: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00CDC8BF
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00CE403C,00000000,00000000,?), ref: 00CE42DB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                                                      • Opcode ID: f1f05e09815737ab06e0c134228f96152033032ddffb5dc11adf4ce05cead0f4
                                                                                                                                                                                                      • Instruction ID: b265f57eee35ed621e040324e552ed8a89720ad3a946fdf79edd7e2bacc0d7e5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1f05e09815737ab06e0c134228f96152033032ddffb5dc11adf4ce05cead0f4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64F0F973900152EBDB2C5A228C05BBA7768EB40354F044429ED15B3290EA70FF42D590
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CDC819: GetLastError.KERNEL32(?,00000008,00CE0950), ref: 00CDC81D
                                                                                                                                                                                                        • Part of subcall function 00CDC819: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00CDC8BF
                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00CE4080,00000001,?,?,-00000050,?,00CE4422,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00CE3DD7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                                      • Opcode ID: 8dddf18ae8cf2a60a0ff7a3146ddeb1012b8063125731ae311b47881abc77182
                                                                                                                                                                                                      • Instruction ID: 1e94ddfa14fbd3a6375f919997d4fbd197bc7a625d672f271b316d5e2bd8c2ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8dddf18ae8cf2a60a0ff7a3146ddeb1012b8063125731ae311b47881abc77182
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05F040322103846FCB245F3ADC85B7A7BD4EF80368B05802DFA428B680D6B2AF02D640
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CD8C61: EnterCriticalSection.KERNEL32(?,?,00CE1BF6,00000000,00CFF1B8,0000000C,00CE1BBD,?,?,00CDE158,?,?,00CDC9B7,00000001,00000364,?), ref: 00CD8C70
                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00CDE190,00000001,00CFF0D8,0000000C,00CDE5BF,00000000), ref: 00CDE1D5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1272433827-0
                                                                                                                                                                                                      • Opcode ID: 896a07508035d4ee7d18f2aeaae0957e1ea7391c446dd3bb6ed733df1117f212
                                                                                                                                                                                                      • Instruction ID: d976a9a4384f82571c40aea91f3a6c0bd349da9ca04d27ebd40d0991c2638167
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 896a07508035d4ee7d18f2aeaae0957e1ea7391c446dd3bb6ed733df1117f212
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44F03276A00204EFD700EF98E882B9C7BE0EB48721F10416AF614EB3A1CB7999449B65
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00CC6A8E,00000000,00CF9719,00000004,00CC56AD,00CF9719,00000004,00CC5AD7,00000000,00000000), ref: 00CC9020
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                      • Opcode ID: 1d2ac1bd5de7bbb32587f5a8de6e6f548417d0d62bfc48a44ceacfef19c41b42
                                                                                                                                                                                                      • Instruction ID: f30c876ff211717193c35e176910b600832a44bc916b3a1d69dfe709cc1c6cc1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d2ac1bd5de7bbb32587f5a8de6e6f548417d0d62bfc48a44ceacfef19c41b42
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64E09236650205B6D7058BBCD94FF6A3698E704749F104549F102D55D1DAB4CB00A251
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CDC819: GetLastError.KERNEL32(?,00000008,00CE0950), ref: 00CDC81D
                                                                                                                                                                                                        • Part of subcall function 00CDC819: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00CDC8BF
                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00CE3C00,00000001,?,?,?,00CE4480,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00CE3CDE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00CDBE7A,?,20001004,00000000,00000002,?,?,00CDB47C), ref: 00CDE74E
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CC9618: AcquireSRWLockExclusive.KERNEL32(00D02B64,?,?,?,00CA2656,00D0376C,1EC26200,?,?,00CEA2AD,000000FF,?,00CA1A17), ref: 00CC9623
                                                                                                                                                                                                        • Part of subcall function 00CC9618: ReleaseSRWLockExclusive.KERNEL32(00D02B64,?,?,00CA2656,00D0376C,1EC26200,?,?,00CEA2AD,000000FF,?,00CA1A17,?,?,?,1EC26200), ref: 00CC965D
                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00CA2605
                                                                                                                                                                                                        • Part of subcall function 00CC95C7: AcquireSRWLockExclusive.KERNEL32(00D02B64,?,?,00CA26C7,00D0376C,00CEDD70), ref: 00CC95D1
                                                                                                                                                                                                        • Part of subcall function 00CC95C7: ReleaseSRWLockExclusive.KERNEL32(00D02B64,?,?,00CA26C7,00D0376C,00CEDD70), ref: 00CC9604
                                                                                                                                                                                                        • Part of subcall function 00CC95C7: WakeAllConditionVariable.KERNEL32(00D02B60,?,?,00CA26C7,00D0376C,00CEDD70), ref: 00CC960F
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease$ConditionHeapProcessVariableWake
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00CA8A4D
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00CA8AA0
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,00000000,00CEB135,000000FF), ref: 00CA8AAF
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00CA8ACB
                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,00CEB135,000000FF), ref: 00CA8BAB
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00CEB135,000000FF), ref: 00CA8BB7
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,00000000,00CEB135,000000FF), ref: 00CA8BF3
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,00000000,00CEB135,000000FF), ref: 00CA8C12
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,00000000,00CEB135,000000FF), ref: 00CA8C2F
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00CEB135,000000FF), ref: 00CA8CC3
                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 00CA8D08
                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000005), ref: 00CA8D5A
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000,00CEB135,000000FF), ref: 00CA8D8D
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharLocalMultiWide$AllocExecuteFileFreeShell$CloseCreateHandleWrite
                                                                                                                                                                                                      • String ID: -_.~!*'();:@&=+$,/?#[]$URL Shortcut content:$[InternetShortcut]URL=$open
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?,1EC26200,?,00000000), ref: 00CA6BB5
                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,00000000,?,1EC26200,?,00000000), ref: 00CA6BD6
                                                                                                                                                                                                      • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,1EC26200,?,00000000), ref: 00CA6C09
                                                                                                                                                                                                      • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,1EC26200,?,00000000), ref: 00CA6C1A
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,1EC26200,?,00000000), ref: 00CA6C38
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,1EC26200,?,00000000), ref: 00CA6C5C
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,1EC26200,?,00000000), ref: 00CA6C88
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,1EC26200,?,00000000), ref: 00CA6CA8
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,1EC26200,?,00000000), ref: 00CA6CCA
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,1EC26200,?,00000000), ref: 00CA6CEA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandle$Process$OpenTimes
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1711917922-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,URL,00000000,?,1EC26200,?,00000004), ref: 00CA5A7A
                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 00CA5B8B
                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,00000000), ref: 00CA5E2B
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00CA5E73
                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 00CA5F0D
                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 00CA5FC2
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFreeLocal$DeleteMoveNameTemp
                                                                                                                                                                                                      • String ID: URL$url
                                                                                                                                                                                                      • API String ID: 1227976696-346267919
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00CDE473,?,?,?,00000000,?,?,00CDE69D,00000021,FlsSetValue,00CF3780,00CF3788,?), ref: 00CDE427
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                      • API String ID: 3664257935-537541572
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 00CB08DF
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 00CB0924
                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 00CB09D8
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,?,1EC26200,1EC26200,?,?), ref: 00CB0B06
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$AllocFree
                                                                                                                                                                                                      • String ID: ios_base::failbit set$iostream
                                                                                                                                                                                                      • API String ID: 2012307162-302468714
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00CC930F
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00CC939B
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CC9406
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00CC9422
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CC9485
                                                                                                                                                                                                      • CompareStringEx.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00CC94A2
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2984826149-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • #224.MSI(?,00000001,00000000,00000000,00000000), ref: 00CA2D70
                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 00CA2DDA
                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 00CA2E44
                                                                                                                                                                                                      • CertFreeCertificateContext.CRYPT32(00000000), ref: 00CA2F85
                                                                                                                                                                                                        • Part of subcall function 00CA3DE0: CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000,1EC26200), ref: 00CA3E23
                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 00CA2F3B
                                                                                                                                                                                                      • CertFreeCertificateContext.CRYPT32(00000003,?), ref: 00CA2FCB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Free$CertLocal$CertificateContext$#224NameString
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2751787804-0
                                                                                                                                                                                                      • Opcode ID: 22392e030ba9d9badd53e0f1f9bbaf3fce65d9e62ba115a811f095b02746dc2f
                                                                                                                                                                                                      • Instruction ID: 2a41e2e83b31dcda632bd9d60b48c01a2f622f9a981f4327091c71e53ce3f47d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 22392e030ba9d9badd53e0f1f9bbaf3fce65d9e62ba115a811f095b02746dc2f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA91AD70D0029ACFDB18CFA8C95879EFBB1FF45308F144619E415AB391DBB5AA84CB90
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,CCCCCCCC,00CACA2F,?,00000001,00000000,00000000,?,?,00CACA2F,?), ref: 00CC8DB2
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000,?,00CACA2F,?,?,00000000,00CAD083,0000003F,?), ref: 00CC8E1D
                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00CACA2F,?,?,00000000,00CAD083,0000003F), ref: 00CC8E3A
                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,00CACA2F,?,?,00000000,00CAD083,0000003F), ref: 00CC8E79
                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00CACA2F,?,?,00000000,00CAD083,0000003F), ref: 00CC8ED8
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,00CACA2F,?,?,00000000,00CAD083,0000003F,?), ref: 00CC8EFB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2829165498-0
                                                                                                                                                                                                      • Opcode ID: 2c3985928f16411d4c12d319637b71a0dbce7896982c146789d58d4fbb7ae77c
                                                                                                                                                                                                      • Instruction ID: 77ddac67cd0a9a72cc5ebc02b730829d2b41c57744cc5ee8cfa38790d9caae2f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c3985928f16411d4c12d319637b71a0dbce7896982c146789d58d4fbb7ae77c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E251B172600206AFEB209F90CC84FAF7BB9EB44754F14442DF915E6190EB30DE55DBA0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(1EC26200,1EC26200,?,?,00000000,00CEB0D1,000000FF), ref: 00CA86BB
                                                                                                                                                                                                        • Part of subcall function 00CC9618: AcquireSRWLockExclusive.KERNEL32(00D02B64,?,?,?,00CA2656,00D0376C,1EC26200,?,?,00CEA2AD,000000FF,?,00CA1A17), ref: 00CC9623
                                                                                                                                                                                                        • Part of subcall function 00CC9618: ReleaseSRWLockExclusive.KERNEL32(00D02B64,?,?,00CA2656,00D0376C,1EC26200,?,?,00CEA2AD,000000FF,?,00CA1A17,?,?,?,1EC26200), ref: 00CC965D
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00CA8680
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00CA8687
                                                                                                                                                                                                        • Part of subcall function 00CC95C7: AcquireSRWLockExclusive.KERNEL32(00D02B64,?,?,00CA26C7,00D0376C,00CEDD70), ref: 00CC95D1
                                                                                                                                                                                                        • Part of subcall function 00CC95C7: ReleaseSRWLockExclusive.KERNEL32(00D02B64,?,?,00CA26C7,00D0376C,00CEDD70), ref: 00CC9604
                                                                                                                                                                                                        • Part of subcall function 00CC95C7: WakeAllConditionVariable.KERNEL32(00D02B60,?,?,00CA26C7,00D0376C,00CEDD70), ref: 00CC960F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease$AddressConditionCurrentHandleModuleProcProcessVariableWake
                                                                                                                                                                                                      • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                      • API String ID: 411948497-3789238822
                                                                                                                                                                                                      • Opcode ID: f82fed8780de667eeb7a2b7a0be5bce169bc36d53f8063f35c21257732f20dab
                                                                                                                                                                                                      • Instruction ID: 1f82fec201be43d9b9c15dc062ae3130554c8a42992a3f71bedea014b37d3cbf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f82fed8780de667eeb7a2b7a0be5bce169bc36d53f8063f35c21257732f20dab
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED21AEF290474AEFDB10CF54DC45BA9B7B8FB04B10F00026AE829D3790DB75AA04CB61
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,1EC26200,?,?,00000000,00CEC7A0,000000FF,?,00CD9D97,?,?,00CD9D6B,?), ref: 00CD9E3C
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00CD9E4E
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,00CEC7A0,000000FF,?,00CD9D97,?,?,00CD9D6B,?), ref: 00CD9E70
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                      • Opcode ID: fe5471807e43376d15c32df9d93f7fc890d906ff38b65f47aa31d8a2f5ed443a
                                                                                                                                                                                                      • Instruction ID: f9583156b65a8f358ace66049467a2a808eb1226d108fdde6a28a74a03ccffa4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe5471807e43376d15c32df9d93f7fc890d906ff38b65f47aa31d8a2f5ed443a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C101A235900669EFDB119F50DC45BBEBBB8FB04B50F00452AF921A2690DB749900CA90
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000010,00000010,?,00CA7ACB,?,?,?), ref: 00CA7E47
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                                      • String ID: Call to ShellExecuteEx() returned:$Last error=$false$true
                                                                                                                                                                                                      • API String ID: 1452528299-1782174991
                                                                                                                                                                                                      • Opcode ID: 87f7edec028e818fbbd2541d07aa3f10e9b7126ab82766e8340f4415274b32b7
                                                                                                                                                                                                      • Instruction ID: a4924df12416634f7e8ee6527812b62d11703c88cb246383b67307f8a08d0f7c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 87f7edec028e818fbbd2541d07aa3f10e9b7126ab82766e8340f4415274b32b7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA216D49A102628ACF705F7C8804376A2F1FF65749F6509AFE8D8D7390F6798E828395
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00CA61C5
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,000000FF,00CEAA0D,000000FF), ref: 00CA627B
                                                                                                                                                                                                        • Part of subcall function 00CA1FE0: FindResourceW.KERNEL32(00000000,?,00000006,?,00000000,00CEA22D,000000FF,?,80070057,?,00000000,?,00000010,?,00CA1B19,?), ref: 00CA206C
                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,000000FF,00CEAA0D,000000FF), ref: 00CA621F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DirectoryErrorFindLastLibraryLoadResourceSystem
                                                                                                                                                                                                      • String ID: ntdll.dll
                                                                                                                                                                                                      • API String ID: 4113295189-2227199552
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00CCDD53,00000000,?,00D02EF4,?,?,?,00CCDEF6,00000004,InitializeCriticalSectionEx,00CF12BC,InitializeCriticalSectionEx), ref: 00CCDDAF
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00CCDD53,00000000,?,00D02EF4,?,?,?,00CCDEF6,00000004,InitializeCriticalSectionEx,00CF12BC,InitializeCriticalSectionEx,00000000,?,00CCDCAD), ref: 00CCDDB9
                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00CCDDE1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                      • API String ID: 3177248105-2084034818
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetConsoleOutputCP.KERNEL32(1EC26200,?,00000000,?), ref: 00CE76DE
                                                                                                                                                                                                        • Part of subcall function 00CE05BF: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00CDDF21,?,00000000,-00000008), ref: 00CE066B
                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00CE7939
                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00CE7981
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00CE7A24
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2112829910-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000018,1EC26200,00000000,?), ref: 00CAF5C6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocLocal
                                                                                                                                                                                                      • String ID: bad locale name$false$true
                                                                                                                                                                                                      • API String ID: 3494564517-1062449267
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,00CA8D7C,00000000,?,?,?,?,?,?,?,00000000,00CEB135,000000FF), ref: 00CA92A7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                                      • String ID: > returned:$Call to ShellExecute() for verb<$Last error=
                                                                                                                                                                                                      • API String ID: 1452528299-1781106413
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,1EC26200), ref: 00CB19EC
                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00CB1A0C
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00CB1A3D
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00CB1A56
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3604237281-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00CCA377
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00CCA386
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00CCA38F
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00CCA39C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: \\?\$\\?\UNC\
                                                                                                                                                                                                      • API String ID: 0-3019864461
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EncodePointer.KERNEL32(00000000,?), ref: 00CCD36B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EncodePointer
                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                      • API String ID: 2118026453-2084237596
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ConvertSidToStringSidW.ADVAPI32(?,00000000), ref: 00CA8356
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,Invalid SID,0000000B,?,00000000,1EC26200), ref: 00CA83C5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConvertFreeLocalString
                                                                                                                                                                                                      • String ID: Invalid SID
                                                                                                                                                                                                      • API String ID: 3201929900-130637731
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00CB10C0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,1EC26200,?,00CEA250,000000FF), ref: 00CB10E7
                                                                                                                                                                                                        • Part of subcall function 00CB10C0: GetLastError.KERNEL32(?,00000000,00000000,1EC26200,?,00CEA250,000000FF), ref: 00CB10F1
                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,00CFDB48), ref: 00CB2478
                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,00CFDB48), ref: 00CB2487
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00CB2482
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                      • API String ID: 3511171328-631824599
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,40000022,1EC26200,?,00000000,?,?,?,?,00CEAC40,000000FF,?,00CA650E,00000000,?), ref: 00CA6DD4
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,3FFFFFFF,1EC26200,?,00000000,?,?,?,?,00CEAC40,000000FF,?,00CA650E,00000000,?), ref: 00CA6DF7
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,?,00000000,?,?,?,?,00CEAC40,000000FF,?,00CA650E,00000000), ref: 00CA6E97
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,1EC26200,00000000,00CEA250,000000FF,?,00000000,00000000,00CEAC40,000000FF,1EC26200), ref: 00CA6F1D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$AllocFree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2012307162-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,80000022,?,?,?,00000000,?,?,00000000,?), ref: 00CA4BA7
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,7FFFFFFF,?,?,?,00000000,?,?,00000000,?), ref: 00CA4BC7
                                                                                                                                                                                                      • LocalFree.KERNEL32(7FFFFFFE,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00CA4C4D
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,1EC26200,00000000,00000000,Function_0004A160,000000FF,?,?,00000000,?,?,00000000,?), ref: 00CA4CCD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000044.00000002.98316650886.0000000000CA1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316594252.0000000000CA0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98316805533.0000000000CEE000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317059083.0000000000D01000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      • Associated: 00000044.00000002.98317120244.0000000000D05000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_68_2_ca0000_MSI629.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$AllocFree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2012307162-0
                                                                                                                                                                                                      • Opcode ID: 6f9b96d97059b1c9456e7d0ba48e87f32a3bb1fcc7a36c7088e7e5dc5bd907b8
                                                                                                                                                                                                      • Instruction ID: 06baae12bbb0d70734a04f32b3ecb66a79be14de64fa8425f6b81d22247f01f3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f9b96d97059b1c9456e7d0ba48e87f32a3bb1fcc7a36c7088e7e5dc5bd907b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C5107726042159FC7149F68DC81B6EB7E8EB8A768F040A6EF826D7391DB70DD0487A1

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:0.9%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                      Total number of Nodes:316
                                                                                                                                                                                                      Total number of Limit Nodes:25

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
• Associated: 00000045.00000002.98326690712.00007FF7B6F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327520002.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327644017.00007FF7B71B3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327690573.00007FF7B71B4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327746926.00007FF7B71B5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327804396.00007FF7B71C1000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327880206.00007FF7B71C2000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327940652.00007FF7B71CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98328019186.00007FF7B71E4000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98328068837.00007FF7B71E5000.00000020.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98328127684.00007FF7B71E6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Virtual$Alloc$ErrorFreeLast$ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2766871365-0
                                                                                                                                                                                                      • Opcode ID: 442683ba7d0118f1a2df787b1e5223878b02f907284672e2e0345821d0b66b36
                                                                                                                                                                                                      • Instruction ID: da250ac6d94ec7537375e141b4bc2433c302e3d07755b25c3148cecbab686343
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 442683ba7d0118f1a2df787b1e5223878b02f907284672e2e0345821d0b66b36
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C571C311B0D11F4AF928BF6AAC1573A95816FA7F85FC4847ADF0E46798ED3CE0028230

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
• Associated: 00000045.00000002.98326690712.00007FF7B6F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327520002.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327644017.00007FF7B71B3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327690573.00007FF7B71B4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327746926.00007FF7B71B5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327804396.00007FF7B71C1000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327880206.00007FF7B71C2000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327940652.00007FF7B71CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98328019186.00007FF7B71E4000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98328068837.00007FF7B71E5000.00000020.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98328127684.00007FF7B71E6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorExclusiveFileLastLock$AcquireCounterCreateMappingPerformanceQueryReleaseView
                                                                                                                                                                                                      • String ID: ..\..\base\files\memory_mapped_file_win.cc$MapImageToMemory$ScopedBlockingCall
                                                                                                                                                                                                      • API String ID: 749074358-923734411
                                                                                                                                                                                                      • Opcode ID: dda6f8c7c05d8fb85fb532a4253e39b284c7a9df6a6c75edcb794b6b929909a1
                                                                                                                                                                                                      • Instruction ID: 7282115df393348abe501253c232577005177ab87e1d9a4e14497ee4734db18e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dda6f8c7c05d8fb85fb532a4253e39b284c7a9df6a6c75edcb794b6b929909a1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5141796260CA8585EB20BF28E4543BAB361FFA2785F805135D74E57A69CF3DE006C760

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall$chrome.dll
                                                                                                                                                                                                      • API String ID: 0-503312030
                                                                                                                                                                                                      • Opcode ID: c2c8b050f133688c9b86fbd4ceda2a277091038392f0f2a4eb4e83e1cb133fa7
                                                                                                                                                                                                      • Instruction ID: 35592e4a4e2b90682997f91d9e5498e807d8e842eda2f131a87fea9c3b529b04
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2c8b050f133688c9b86fbd4ceda2a277091038392f0f2a4eb4e83e1cb133fa7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F313531A1CA8690EB24AB29F4547B5A3A1FFA6784FC44132DB8E57778DE3CD146C320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                      • Opcode ID: 199d26157bc932c174a79e53f701bfa136bcc8c85240ee69ec11309294c94188
                                                                                                                                                                                                      • Instruction ID: 0fba7a652d8415b882681e84bf9eeaaf679348ac00542bf793be325274b75958
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 199d26157bc932c174a79e53f701bfa136bcc8c85240ee69ec11309294c94188
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58116220B1C24681F914B32DA555639F1619F6A7B0F804736FA3E877FEDE2CA5435230

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeVirtual$AcquireErrorExclusiveLastLock
                                                                                                                                                                                                      • String ID: bitset reset argument out of range
                                                                                                                                                                                                      • API String ID: 2644420941-1934458321
                                                                                                                                                                                                      • Opcode ID: eae76849e8b56352ce3349d71a6944e1a1a2b1c1d581672ee630990d7e54f6c2
                                                                                                                                                                                                      • Instruction ID: c73629d0e35c3df7fb98058035b6c99f6b52db2ad055e0044badd01d3fff509f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eae76849e8b56352ce3349d71a6944e1a1a2b1c1d581672ee630990d7e54f6c2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2411663B0864A46EE186B2ABD44375A251EF657E2F544234DF3E477E8DE3CD192C320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentMemoryPrefetchProcessVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3768025762-0
                                                                                                                                                                                                      • Opcode ID: c3444246638c9a23fcf53583f3de372300e9ccf56ef9e25f0cc0996809809f2d
                                                                                                                                                                                                      • Instruction ID: 487cc564c6fc03bb6d9b65046d406244279de0ee42fbe91c32ee8272d7333656
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3444246638c9a23fcf53583f3de372300e9ccf56ef9e25f0cc0996809809f2d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71F06222B09A5642EB50BF29B86036AA350EFD5B80F800035EB8E93B59CE2CE5428750

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 174 7ff7b6f0a874-7ff7b6f0a87a VirtualAlloc 176 7ff7b6f0a86e-7ff7b6f0a873 174->176
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
• Associated: 00000045.00000002.98326690712.00007FF7B6F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327520002.00007FF7B7161000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327644017.00007FF7B71B3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327690573.00007FF7B71B4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327746926.00007FF7B71B5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327804396.00007FF7B71C1000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327880206.00007FF7B71C2000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98327940652.00007FF7B71CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98328019186.00007FF7B71E4000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98328068837.00007FF7B71E5000.00000020.00000001.01000000.00000007.sdmp
• Associated: 00000045.00000002.98328127684.00007FF7B71E6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                      • Opcode ID: 200c51e6a23d2084d203cc7c1e7f85710ca22c2e49926b5ba8c65aa3c01ade86
                                                                                                                                                                                                      • Instruction ID: 349ab7adc83a8c7238cbb8a90643c23ed3eff8de57d415c747b8f3cac6878961
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 200c51e6a23d2084d203cc7c1e7f85710ca22c2e49926b5ba8c65aa3c01ade86
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5C08C51F0C05540FE693B5A78047B580800F26FC2E9840B8CF1D02AC8CD1DA9C31730

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 177 7ff7b6f0a854-7ff7b6f0a873 VirtualAlloc
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                      • Opcode ID: 5e537fd50c9412a7d8a1e1e3c464935a1e0c5cc40d7e4e3e39b72788bff5495d
                                                                                                                                                                                                      • Instruction ID: 07d6359732f792d21c2968d688748a48d3d1f20f1008004f9eb3a552f74aa32f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e537fd50c9412a7d8a1e1e3c464935a1e0c5cc40d7e4e3e39b72788bff5495d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60C02B51F0C01000FE65374674007A140400F25FC2F440078CF1C067C8CD1DA9C30730
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireErrorLast$CounterPerformanceQueryRelease$ObjectSingleWait
                                                                                                                                                                                                      • String ID: ..\..\base\synchronization\waitable_event.cc$..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value$<$ScopedBlockingCallWithBaseSyncPrimitives$TimedWait$WaitableEvent::Wait Complete
                                                                                                                                                                                                      • API String ID: 3660234338-3677309058
                                                                                                                                                                                                      • Opcode ID: 1403628a377d5555c6e4fb31157c0db220140478e7c8c1230e386d09207b030b
                                                                                                                                                                                                      • Instruction ID: a3e36316bfd03f86f6eabf6188da98077d7ae1bdb8d94fbf5b24ab1fa2d12792
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1403628a377d5555c6e4fb31157c0db220140478e7c8c1230e386d09207b030b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD22D961A0C68644EA61AB2CE414379E351FFA6794FC44133EB4E57AB9EF7CE0479320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$ConditionMask$CreateFreeInfoLocalNamedPipeVerifyVersion
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc$BuildSecurityDescriptor$ConvertStringSecurityDescriptorToSecurityDescriptor$D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0)$LocalFree
                                                                                                                                                                                                      • API String ID: 2052200148-909682083
                                                                                                                                                                                                      • Opcode ID: 61593712ed5b43e82930bc4f6697dd8f57fd0aaafc9e9af1655164188f4d70fb
                                                                                                                                                                                                      • Instruction ID: 3a7fdaad23d7c4d9f5fa93c874a6375d266bff3037f8b411ad8b75236a0b6d51
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61593712ed5b43e82930bc4f6697dd8f57fd0aaafc9e9af1655164188f4d70fb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53A1B43160868685FB20AB29F4453AAA3A0FFA6784F804135DB4D477ADDF3DD647C760
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateErrorEventLast$Exception$CurrentFilterHandlerProcessUnhandledVectored
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\client\crashpad_client_win.cc$CreateNamedPipe$CreatePipe$CreateThread$\\.\pipe\crashpad_%lu_
                                                                                                                                                                                                      • API String ID: 2402848785-465946070
                                                                                                                                                                                                      • Opcode ID: 350bc5f7efc058046f456ff1496d0b06dfe7a7de2ccdb85a36ace9ff6be78c52
                                                                                                                                                                                                      • Instruction ID: 685fb3072bc8b285c0c19d889f600f9236ed51b2470fc3988d6682fdab18051b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 350bc5f7efc058046f456ff1496d0b06dfe7a7de2ccdb85a36ace9ff6be78c52
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7512D972A09B8985EA10EB29E8043BAA3A4FB66784F854171DF8D4379DDF3CE546C710
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorExclusiveLastLock$AcquireAddressCounterCreateFileFreeHandleLocalModulePerformanceProcQueryRelease
                                                                                                                                                                                                      • String ID: ..\..\base\win\security_util.cc$AddACEToPath$GetHandleVerifier$ScopedBlockingCall
                                                                                                                                                                                                      • API String ID: 2791517501-314747623
                                                                                                                                                                                                      • Opcode ID: b8e8badbf2c626e6e21544e9f15bf280c9ed47ef74d1606d9037109504e7693d
                                                                                                                                                                                                      • Instruction ID: dc8d877881685ce4c5da17fa9fa658cf7f9b49b291e0e4bd11d3b763a89724a0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8e8badbf2c626e6e21544e9f15bf280c9ed47ef74d1606d9037109504e7693d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DAD19531A0C68A45EA21AB29A8047FBE361FFA6795F840171DB8D07B9DDF3DD442C720
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00007FF7B70148DF
                                                                                                                                                                                                      • UUUUUUUU, xrefs: 00007FF7B701449C
                                                                                                                                                                                                      • 33333333, xrefs: 00007FF7B70144AF
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF7B7014905
                                                                                                                                                                                                      • UUUUUUUU, xrefs: 00007FF7B7014982
                                                                                                                                                                                                      • 33333333, xrefs: 00007FF7B7014995
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00007FF7B70148F2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$33333333$33333333$UUUUUUUU$UUUUUUUU
                                                                                                                                                                                                      • API String ID: 1678258262-3195743867
                                                                                                                                                                                                      • Opcode ID: 7ff0ceec691e6256fee20258fd05f64ef5173a412bb5fe3d73cf61ad8c2d864f
                                                                                                                                                                                                      • Instruction ID: 907c8abaf739b27507b5e04acd7e9f7f1bb0b30782f4dea252e762a25e6367b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ff0ceec691e6256fee20258fd05f64ef5173a412bb5fe3d73cf61ad8c2d864f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15E1B461B1964A41EE10EB199414278A291AF67BD0FD88133FB1D97BBDFE3CF4468321
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFileFilterModuleNameUnhandled
                                                                                                                                                                                                      • String ID: --monitor-self-annotation=%s=%s$--monitor-self-argument=--monitor-self is not supported$--no-identify-client-via-url$--no-periodic-tasks$--no-rate-limit$--no-upload-gzip$..\..\third_party\crashpad\crashpad\handler\handler_main.cc$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                                                                                                                                                                                      • API String ID: 3130446091-567612736
                                                                                                                                                                                                      • Opcode ID: 32e7e8abc0d3ae362e31ba4c4232a268d55cc04835fed7914ab2137dff706e66
                                                                                                                                                                                                      • Instruction ID: e36a27b04224f6f54574cd71b3589b2ae4778dc4d481f367d257cf23cb75dff8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32e7e8abc0d3ae362e31ba4c4232a268d55cc04835fed7914ab2137dff706e66
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63F17521A0C6C680EA21AB19F4447BAE361FBA6784FD44132DB8D477ADDF3CE546C760
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorExclusiveFileLastLock$AcquireCounterCreateMappingPerformanceQueryReleaseView
                                                                                                                                                                                                      • String ID: ..\..\base\files\memory_mapped_file_win.cc$GetHandleVerifier$MapFileRegionToMemory$ScopedBlockingCall
                                                                                                                                                                                                      • API String ID: 749074358-664693454
                                                                                                                                                                                                      • Opcode ID: ae2882933187ff1f6803595d1f3e459e2f14a227283b814513830259167929a0
                                                                                                                                                                                                      • Instruction ID: 53fc9e82630873b83ff4eeb722ffea7b8395e71e57acd8ac15546c62c1e97d52
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae2882933187ff1f6803595d1f3e459e2f14a227283b814513830259167929a0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D681DD62B1D68A46FA246B1DE8453BAA390FF66785FC05031CB4E53769DF3DE0468320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorExclusiveFileLastLock$AcquireAddressAttributesCounterCreateHandleModulePerformanceProcQueryRelease
                                                                                                                                                                                                      • String ID: ..\..\base\files\file_util_win.cc$GetHandleVerifier$PathHasAccess$ScopedBlockingCall
                                                                                                                                                                                                      • API String ID: 2667162048-2304908607
                                                                                                                                                                                                      • Opcode ID: 6635c3c21373f13680525161f5743785ba2999b2d76c390d2bd461b80308353d
                                                                                                                                                                                                      • Instruction ID: f4836d81439902c1db8b7571c7bfbb112f6a2b036db5f21b42e3ce47d8d5af61
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6635c3c21373f13680525161f5743785ba2999b2d76c390d2bd461b80308353d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B51A221A0C68A85FF206B2CF8547BAA361AFA6755FC40135DB5D876ACDF3CE446C360
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FormatMessageW.KERNEL32 ref: 00007FF7B70F8B3F
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00007FF7B70F8B49
                                                                                                                                                                                                        • Part of subcall function 00007FF7B702FBD0: GetLastError.KERNEL32 ref: 00007FF7B702FC65
                                                                                                                                                                                                        • Part of subcall function 00007FF7B702FBD0: SetLastError.KERNEL32 ref: 00007FF7B702FC6F
                                                                                                                                                                                                        • Part of subcall function 00007FF7B702FBD0: SetLastError.KERNEL32 ref: 00007FF7B702FD48
                                                                                                                                                                                                        • Part of subcall function 00007FF7B6F246E0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F2470B
                                                                                                                                                                                                        • Part of subcall function 00007FF7B6F246E0: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F24715
                                                                                                                                                                                                        • Part of subcall function 00007FF7B6F246E0: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F247AD
                                                                                                                                                                                                      • LocalFree.KERNEL32 ref: 00007FF7B70F8BE7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • (0x%lX), xrefs: 00007FF7B70F8BF9
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF7B70F8D54
                                                                                                                                                                                                      • Error (0x%lX) while retrieving error. (0x%lX), xrefs: 00007FF7B70F8B4F
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00007FF7B70F8D7A
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF7B70F8D67
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$Local$FormatFreeMessageTime
                                                                                                                                                                                                      • String ID: (0x%lX)$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Error (0x%lX) while retrieving error. (0x%lX)
                                                                                                                                                                                                      • API String ID: 2915529375-2412322823
                                                                                                                                                                                                      • Opcode ID: 125eb43c58c3821b479d7d70a90db1f168d5c36c9c8d94c8802836a929f7973f
                                                                                                                                                                                                      • Instruction ID: 19012a4181d86e77dcdcc4e68d7621638f25907562a1da0985713e59818fa2f9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 125eb43c58c3821b479d7d70a90db1f168d5c36c9c8d94c8802836a929f7973f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F071877160DB8641EB21AF29F4503AAF760EFA6780F844132DB8D97769DF3CE1468720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Thread$CurrentPerformancePriorityQuery$Counter$Frequency
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2845919953-0
                                                                                                                                                                                                      • Opcode ID: 687361f503c1ae114e700a3ce03a3c2605b7dc62ae419e28508d0a8d913b5dca
                                                                                                                                                                                                      • Instruction ID: 22b970582d010662d8196bc2a4d59213a87b1e3f1bdac52525bfc08a622dfdea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 687361f503c1ae114e700a3ce03a3c2605b7dc62ae419e28508d0a8d913b5dca
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36518321928A4689E611FB7CB845179F365BFA6790FD14232DB4E662B8DF3CA1438230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                      • Opcode ID: 37a5bafb765a1a2e203d0819b5160b47ed21406f916dd45255f5d72f3ba8c791
                                                                                                                                                                                                      • Instruction ID: fc5cf871abbde31736bbe18d7a08544749ee26382ae1ed6bce8caed1cbbfc5ae
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37a5bafb765a1a2e203d0819b5160b47ed21406f916dd45255f5d72f3ba8c791
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58316232618F8186D760DF29E8402AEB3A0FB99754F940136EB9D43B69DF3CD1568B10
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B70121D4), ref: 00007FF7B7017B10
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B70121D4), ref: 00007FF7B7017BF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID: 33333333$UUUUUUUU
                                                                                                                                                                                                      • API String ID: 17069307-3483174168
                                                                                                                                                                                                      • Opcode ID: f1942bacb461b84085248a5edf8a08e3d2b848dc49700cfc04d40197d58485f9
                                                                                                                                                                                                      • Instruction ID: 51f908cd9c9b1347b8521800f2952160b610086465e58e07a7d36fb262ce5f57
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1942bacb461b84085248a5edf8a08e3d2b848dc49700cfc04d40197d58485f9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96D1C732A1C64641EB24AB1DD440779A391ABB6B94FD45032EB4D87BBCEF3CE5438721
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                      • String ID: %08x-%04x-%04x-%04x-%012llx$ProcessPrng$bcryptprimitives.dll
                                                                                                                                                                                                      • API String ID: 2574300362-4101328353
                                                                                                                                                                                                      • Opcode ID: b0aabd3ad235f233ac74cefb195458b687495a54eb6fb75bb74c867480d71bfa
                                                                                                                                                                                                      • Instruction ID: 9ad41b8e4be86c70c19c5e8a5afdfa5fb76744353f669ba6178a5bf710b09986
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0aabd3ad235f233ac74cefb195458b687495a54eb6fb75bb74c867480d71bfa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3641D361A18A4685FB10AB1DF4802B9A761EFA6B90FD44232DB1D477B8DF3CE5438720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Info$NativeProductSystemVersion
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 609512817-0
                                                                                                                                                                                                      • Opcode ID: bf2dfb88f0aa7339996e5ce81a46e64ba85b7312cf7385d4df563b3b45e4b5ad
                                                                                                                                                                                                      • Instruction ID: c66b0add97bc7b75755c1df5f391010600037ef51c8955b856dbe6976f75924d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf2dfb88f0aa7339996e5ce81a46e64ba85b7312cf7385d4df563b3b45e4b5ad
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE415B31A19A4685E710EB68F9502B9B320EBE6B50FE04272DB4D577B8CE3CF4478720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F2470B
                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F24715
                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F247AD
                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F249F1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range, xrefs: 00007FF7B6F24A7C
                                                                                                                                                                                                      • :.#, xrefs: 00007FF7B6F248FB
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:422: assertion __n <= size() failed: remove_prefix() can't remove more than size(), xrefs: 00007FF7B6F24AAD
                                                                                                                                                                                                      • VERBOSE, xrefs: 00007FF7B6F24B0D
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00007FF7B6F24AC0
                                                                                                                                                                                                      • )] , xrefs: 00007FF7B6F2493D
                                                                                                                                                                                                      • UNKNOWN, xrefs: 00007FF7B6F24A4C
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00007FF7B6F24A69
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$LocalTime
                                                                                                                                                                                                      • String ID: )] $..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range$..\..\third_party\libc++\src\include\string_view:422: assertion __n <= size() failed: remove_prefix() can't remove more than size()$:.#$UNKNOWN$VERBOSE
                                                                                                                                                                                                      • API String ID: 3586426482-628810564
                                                                                                                                                                                                      • Opcode ID: b6759b051143518398d259b69ac11262db835e1d5f52e5b621f990536764b459
                                                                                                                                                                                                      • Instruction ID: 3fe4f99f50e0469ee3ab1cd6650a485e3bba849c3d46441a729126e6c90aa3a4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6759b051143518398d259b69ac11262db835e1d5f52e5b621f990536764b459
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBC1FD22B0864685DA10FB19E84027AF7A1FBA6B85FC44035EF5E477A9DF7CE541CB20
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • <, xrefs: 00007FF7B7059831
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00007FF7B70598CC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireErrorLast$Release$CounterPerformanceQuery
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value$<
                                                                                                                                                                                                      • API String ID: 593636287-1283766859
                                                                                                                                                                                                      • Opcode ID: 0f60663e4d6d663f71a87750edeef577463219218d6cd6874c41a15048d3e784
                                                                                                                                                                                                      • Instruction ID: 38c009582d003fecaec81dcde60d03e8a33f5e58f406368ba6efec383a10c2f9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f60663e4d6d663f71a87750edeef577463219218d6cd6874c41a15048d3e784
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6C1F761A1864680EB51AB29E584379B361FFA6794FD45233DB5E572B8DF3CE083C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00007FF7B7064E9B
                                                                                                                                                                                                      • <, xrefs: 00007FF7B7064E00
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireErrorLast$Release$CounterPerformanceQuery
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value$<
                                                                                                                                                                                                      • API String ID: 593636287-1283766859
                                                                                                                                                                                                      • Opcode ID: 8b6334b3938afd7ab592004d75e2d9bf380a627f864c9fa8ffde3a99dd5f24e0
                                                                                                                                                                                                      • Instruction ID: 7e1ad435189ef02c3e4d839018a938dba68285a8c89f3a3e9314fd2b4fd61ba2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b6334b3938afd7ab592004d75e2d9bf380a627f864c9fa8ffde3a99dd5f24e0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69C10B21B0C64640EA51AF18E520379E361EFA6B94F849133EB5E972B8DF7CE143C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConditionMask$AddressCriticalErrorInfoInitializeLastLibraryLoadProcSectionVerifyVersion
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc$InitializeCriticalSectionEx$InitializeCriticalSectionEx$kernel32.dll
                                                                                                                                                                                                      • API String ID: 1387623774-2219384513
                                                                                                                                                                                                      • Opcode ID: cab25af2479cd23fb2a6fd8da626bef8ce61a39120252119df3f9d6779b31714
                                                                                                                                                                                                      • Instruction ID: 8854e60b07afee62158d379fe73f31636c51d79f943c99ba0eac0792ba08298d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cab25af2479cd23fb2a6fd8da626bef8ce61a39120252119df3f9d6779b31714
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C415220A1D60A95FA10FB29F8643B6A351AFA6B80FC41175DB4D477EDDE2DE5038730
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                      • Opcode ID: 953b85e61f1bb729a36e4d80bb9dbbd308fdf6ee0fae961d8f264583e47247b7
                                                                                                                                                                                                      • Instruction ID: 216058c314053ed5be16cf360cd82b9a7859bace476aa7af13f8dac488f85ea1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 953b85e61f1bb729a36e4d80bb9dbbd308fdf6ee0fae961d8f264583e47247b7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA418C20A1C24685FA58B33CA451279E1619FA63B0F944736FB3E867FEDD2DB5439230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • OpenProcess.KERNEL32(?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B70F4B73
                                                                                                                                                                                                        • Part of subcall function 00007FF7B7018CA0: GetLastError.KERNEL32(?,00000000,?,?,00007FF7B70F4B8E,?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B7018CB4
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B70F4B92
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B70F4BE4
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B70F4C0E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CurrentErrorLastObjectOpenSingleTerminateWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1730147810-0
                                                                                                                                                                                                      • Opcode ID: 97bedd771476fc351bd93f24a3950520c4df7e47bd57524f88939ff4c80985a5
                                                                                                                                                                                                      • Instruction ID: 279f8ebd94ef6bcc3985e659939118ec19ab973d2bfaede02a1fee3a2e08bb16
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97bedd771476fc351bd93f24a3950520c4df7e47bd57524f88939ff4c80985a5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B431A421A0C54685F7646B2EB484239E2919FEAB81FD44431DF5E8B778DE6CE4878370
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease$CounterPerformanceQuery
                                                                                                                                                                                                      • String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary$ScopedBlockingCall$enable-background-thread-pool
                                                                                                                                                                                                      • API String ID: 1190089479-2521901312
                                                                                                                                                                                                      • Opcode ID: 38812239c9ff3b22d46917bc304bd4d63258478deb2d31426e09254b307af190
                                                                                                                                                                                                      • Instruction ID: bff0ca351f25424825cc56a59220120f1ceec80c66a2c52fa342e1a05c71feaa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 38812239c9ff3b22d46917bc304bd4d63258478deb2d31426e09254b307af190
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46026E21A2964685FB50EB29E484379B794EBA6754FD00232DB5E862F9DF3CE447C330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES()."), xrefs: 00007FF7B7045244
                                                                                                                                                                                                      • ~WaitableEvent while Signaled, xrefs: 00007FF7B70451F0
                                                                                                                                                                                                      • ..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h, xrefs: 00007FF7B704522F
                                                                                                                                                                                                      • wakeup.flow,toplevel.flow, xrefs: 00007FF7B7045103
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00007FF7B7045032
                                                                                                                                                                                                      • GetHandleVerifier, xrefs: 00007FF7B7045174
                                                                                                                                                                                                      • %s (errno: %d, %s), xrefs: 00007FF7B7045250
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: %s (errno: %d, %s)$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h$GetHandleVerifier$PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES().")$wakeup.flow,toplevel.flow$~WaitableEvent while Signaled
                                                                                                                                                                                                      • API String ID: 1646373207-3329794532
                                                                                                                                                                                                      • Opcode ID: c2cf677cee9b9ca7e071358353446ed76c54ec24dcbc970dc1ca6b5080ea0a5e
                                                                                                                                                                                                      • Instruction ID: 203c444e73fb9478a727f99f2ab92867d8725ece5b9161603c70e061776d4332
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2cf677cee9b9ca7e071358353446ed76c54ec24dcbc970dc1ca6b5080ea0a5e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8DA18D21A09A4681EA10BB18E856379A3B0AF66794FD44532EB5D877F9DF3CE543C330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,00000000,?,?,00007FF7B6F6939E,?,?,?,?,?,?,00007FF7B710C978), ref: 00007FF7B6F16D51
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,00007FF7B6F6939E,?,?,?,?,?,?,00007FF7B710C978), ref: 00007FF7B6F16DB7
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,00007FF7B6F6939E,?,?,?,?,?,?,00007FF7B710C978), ref: 00007FF7B6F16DCC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\vector:618: assertion !empty() failed: front() called on an empty vector, xrefs: 00007FF7B6F16E3B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCounterPerformanceQueryRelease
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\vector:618: assertion !empty() failed: front() called on an empty vector
                                                                                                                                                                                                      • API String ID: 465813119-3459903379
                                                                                                                                                                                                      • Opcode ID: 3fa605a47a94c84a8d94fb88316f22e0170241ecb0c9b4ff835e624d443640c4
                                                                                                                                                                                                      • Instruction ID: 2e92309a14c4c149aad865a51014e8a1a41f95484d53bbb898c302a7537b8a8d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fa605a47a94c84a8d94fb88316f22e0170241ecb0c9b4ff835e624d443640c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1519572A0970985EA64AB59E84037AB361EBE5BD1FD40531DB5E077B8CF3CE582C360
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\client\settings.cc$..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$SetFilePointerEx$Settings magic is not $Settings version is not $sdPC$sdPC
                                                                                                                                                                                                      • API String ID: 2976181284-3837614210
                                                                                                                                                                                                      • Opcode ID: 7680f64b74ea4f2c9e40e9b7be28def8ffec7b50507699e20023fd296ce2c39c
                                                                                                                                                                                                      • Instruction ID: f5d3446e3afd077ad7af0ea5b13aa14289e8a3faaa8057c84ad1c3c84bb7da29
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7680f64b74ea4f2c9e40e9b7be28def8ffec7b50507699e20023fd296ce2c39c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C41C631B0D54A44FA60BB19A8503BAE395EBA6BC1FC00032EB4D17AADCD2CD647C731
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A84A
                                                                                                                                                                                                      • WakeAllConditionVariable.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A85D
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A866
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A86F
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A8A3
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A902
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A91D
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A971
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2824607059-0
                                                                                                                                                                                                      • Opcode ID: 8e77a3fe88fc331cb260b54d921ec30572af2c294b68929751547e39458cfd0d
                                                                                                                                                                                                      • Instruction ID: c8699d808db5e6e0cb41a2972dbcf7e61c76d3832dc3e4f2c213a6ca7616263d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e77a3fe88fc331cb260b54d921ec30572af2c294b68929751547e39458cfd0d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C771B363E1D54685EA55BB19A904239A310BFA6BA4FC44133DF2E427F8DF3CE447E220
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AA48
                                                                                                                                                                                                      • WakeAllConditionVariable.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AA5A
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AA63
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AA6C
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AA9A
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AAD9
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AAF3
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AB01
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AB0F
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AB93
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2824607059-0
                                                                                                                                                                                                      • Opcode ID: 3fd916b32646a6655159d8ec0190fb68d5c18b9fca521f909d91b4d9ca35b040
                                                                                                                                                                                                      • Instruction ID: d92c335dce42726a84ec844f2bc509d11483c524f8826607e269af05d9f9a0db
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fd916b32646a6655159d8ec0190fb68d5c18b9fca521f909d91b4d9ca35b040
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD51C991F1854E89E514FF19AC04576A351BFA7BE6FC80671DF2E022E8DE3CE446C220
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease$CounterPerformanceQuery
                                                                                                                                                                                                      • String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary$enable-background-thread-pool
                                                                                                                                                                                                      • API String ID: 1190089479-3676744455
                                                                                                                                                                                                      • Opcode ID: 42dc7d6f773e9df23da7abf42e0af8d1a161a9df64209211393775c7e12464c7
                                                                                                                                                                                                      • Instruction ID: e949174b2b0c32f9e67bb9ec62a1ce070b6667d873a7ca8fc45b59d0914c64c8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42dc7d6f773e9df23da7abf42e0af8d1a161a9df64209211393775c7e12464c7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA029321A0D64685E650BB29E844379A3A0AFA6754FD44132EB5D877B9EF3CF443D330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                      • String ID: MZx$api-ms-$ext-ms-
                                                                                                                                                                                                      • API String ID: 3013587201-2431898299
                                                                                                                                                                                                      • Opcode ID: f62ba375cc99320173938f47b475f81c464cfdb0b8375877cb90dd21ed36f199
                                                                                                                                                                                                      • Instruction ID: 394e142b903e3881d7150e077183ef4189362ce8b54062553063be43f01d91c4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f62ba375cc99320173938f47b475f81c464cfdb0b8375877cb90dd21ed36f199
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23410961B1D60245EA15EB1DA800A75E391BF67B90F884536EF1D9736CDF3CE9069320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 00007FF7B6F4961B
                                                                                                                                                                                                      • CreateDirectory , xrefs: 00007FF7B6F4963D
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF7B6F496D9
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF7B6F496EC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$CreateDirectory
                                                                                                                                                                                                      • API String ID: 1375471231-3193998906
                                                                                                                                                                                                      • Opcode ID: 8f1d88d78034dadb2748f103f007a1f02c647d23bf7f067ab63d2121bcf9da2c
                                                                                                                                                                                                      • Instruction ID: 2020ef170dcb2b75292ad86d9484996e32e12cc2ea073591214873419bbbeb56
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f1d88d78034dadb2748f103f007a1f02c647d23bf7f067ab63d2121bcf9da2c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC41A521B0C65645FA11FB19E4917BAE360EFA7B84F800032DB4D57BADDE2CE506C760
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\base\task\sequence_manager\work_tracker.cc$E$ScopedAllowBaseSyncPrimitivesOutsideBlockingScope$WaitNoSyncWork
                                                                                                                                                                                                      • API String ID: 1678258262-2415033031
                                                                                                                                                                                                      • Opcode ID: ecbc3caf101d519bf43b699177eb9f170b2db5e1f08f3b958fdcf760f390c205
                                                                                                                                                                                                      • Instruction ID: 93b78b18f9ae095be5d888b3452e34a90caa16493ede2a485b98ad81b5d10594
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ecbc3caf101d519bf43b699177eb9f170b2db5e1f08f3b958fdcf760f390c205
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D418335608B4A96EA10EF19F4503BAA360FBA7799FC40135DB9D076A9CF3CE1068720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseErrorHandleLastObjectSingleThreadWait
                                                                                                                                                                                                      • String ID: ..\..\base\threading\platform_thread_win.cc$Join$ScopedBlockingCallWithBaseSyncPrimitives
                                                                                                                                                                                                      • API String ID: 813778123-1135135018
                                                                                                                                                                                                      • Opcode ID: eb86246e4975723fee8e9d084e3a55e2a64e3755e55f6d4206f25f4e8507067b
                                                                                                                                                                                                      • Instruction ID: 71ea20ca59395924030707ed9d8e84491b743cde2a48fd18818e62edd8d8f295
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb86246e4975723fee8e9d084e3a55e2a64e3755e55f6d4206f25f4e8507067b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27316521A0C6C695FA20AB29F8117F6B360BFA6754FC44131DB8D46669EE3CD14BC730
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 00007FF7B6F1FC77
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7B701BBF5), ref: 00007FF7B6F1FC8C
                                                                                                                                                                                                        • Part of subcall function 00007FF7B70CFAC0: GetCurrentThread.KERNEL32 ref: 00007FF7B70CFAC4
                                                                                                                                                                                                        • Part of subcall function 00007FF7B70CFAC0: GetThreadPriority.KERNEL32(?,?,?,?,00007FF7B6F1FC97,?,?,?,?,?,?,00007FF7B701BBF5), ref: 00007FF7B70CFACD
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7B701BBF5), ref: 00007FF7B6F1FCA3
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 00007FF7B6F1FCC2
                                                                                                                                                                                                      • SetThreadInformation.KERNEL32(?,?,?,?,?,?,00007FF7B701BBF5), ref: 00007FF7B6F1FCD9
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7B701BBF5), ref: 00007FF7B6F1FCF9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Thread$Priority$Current$Information
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2516384554-0
                                                                                                                                                                                                      • Opcode ID: 6bdc59d89a542c32d062b3dae71ecf26e0eee7d99e6bf4bacf29e6109943e5dd
                                                                                                                                                                                                      • Instruction ID: f08088f1d1235a2e3548dfd714ec5676eef77de58d3854ef25b36ac9c93d5753
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6bdc59d89a542c32d062b3dae71ecf26e0eee7d99e6bf4bacf29e6109943e5dd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7311C831E0955586E610BB29F84426AE2909FEABD1F914131DF5E43778DE3CE9478720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,bad_variant_access.cc,00000000,?,?,00000000,00000000,?,00007FF7B70AE203,?), ref: 00007FF7B70ADF0C
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,bad_variant_access.cc,00000000,?,?,00000000,00000000,?,00007FF7B70AE203,?), ref: 00007FF7B70ADF97
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                      • String ID: bad_variant_access.cc
                                                                                                                                                                                                      • API String ID: 953036326-947800613
                                                                                                                                                                                                      • Opcode ID: a0eca0dc2137039ae39842a223ce3aa9d899d075495d3ee5b76aee35948632fa
                                                                                                                                                                                                      • Instruction ID: d4f8478265fed1d7f58197e63571b916a15bd447e913168cb0784d8b764c3033
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0eca0dc2137039ae39842a223ce3aa9d899d075495d3ee5b76aee35948632fa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A91B722E1865289F750AF6D94406BDBBA0AB76788F944136DF0DD76ACDE38D483D330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ProcessPrng, xrefs: 00007FF7B701EC33
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF7B701ED15
                                                                                                                                                                                                      • bcryptprimitives.dll, xrefs: 00007FF7B701EC21
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$ProcessPrng$bcryptprimitives.dll
                                                                                                                                                                                                      • API String ID: 2574300362-4294766899
                                                                                                                                                                                                      • Opcode ID: 11607e7f7bf0c14bdb917be01803f64bf290adfb7c1416aa0085c47a87bcbf52
                                                                                                                                                                                                      • Instruction ID: 8eb38f143e067c52f7c822e605273d815cfc3d85837a50ec5e4a24844bb256ea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 11607e7f7bf0c14bdb917be01803f64bf290adfb7c1416aa0085c47a87bcbf52
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7651E831F0560645EA14AB2EF940168A390AF76B91F945532DF1D47BB9EF3CE493C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00007FF7B70185F8
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00007FF7B701860B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr
                                                                                                                                                                                                      • API String ID: 1678258262-1580066018
                                                                                                                                                                                                      • Opcode ID: 03a2612c8c170872a5ea1583796e2e3722e29907a68d06858f24f5c9aea685bf
                                                                                                                                                                                                      • Instruction ID: 2427abb41cbdf5f4c8f1ef6d0b553f3aa213c0845ebb60ffed56907d65a63a3e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03a2612c8c170872a5ea1583796e2e3722e29907a68d06858f24f5c9aea685bf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD71A361B0D60681EA10AB19E450279A761EFA6B94FD44432EF0E977B9EF3CE543C360
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Create$CurrentDirectoryModuleName
                                                                                                                                                                                                      • String ID: debug.log
                                                                                                                                                                                                      • API String ID: 4120427848-600467936
                                                                                                                                                                                                      • Opcode ID: 988664e5f8545b64de6114bb5cfcdafd2cf705a2b8781839977b93f9cd044a18
                                                                                                                                                                                                      • Instruction ID: 14eb95c23191d8a68f98a272ca8c6a261cb4197abcd261e39ce860413d27d2de
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 988664e5f8545b64de6114bb5cfcdafd2cf705a2b8781839977b93f9cd044a18
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C511770A0CA0681FB10AB18E954379A2A1AFA6B94F944132DB1D5B7FDDF3DE1428330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00007FF7B6F0123D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
                                                                                                                                                                                                      • API String ID: 1678258262-1005156258
                                                                                                                                                                                                      • Opcode ID: a801918aa0b8ec2b4fe036ae8cc5ea4810c4e43dfde322411b842882a506a836
                                                                                                                                                                                                      • Instruction ID: ce0f56542f8a9920a6cd3fe5a553545276f62d3a4f097283e8ccf589b5491fff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a801918aa0b8ec2b4fe036ae8cc5ea4810c4e43dfde322411b842882a506a836
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB411912B0968955FA19FF59AD042BAA764BBB7B81FC84571DF0D07359CF3CA492C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLockLongNamePath$AcquireCounterPerformanceQueryRelease
                                                                                                                                                                                                      • String ID: ..\..\base\files\file_util_win.cc$MakeLongFilePath$ScopedBlockingCall
                                                                                                                                                                                                      • API String ID: 839722070-2989128051
                                                                                                                                                                                                      • Opcode ID: 0a075d9a24e4318dcc0876f46c8ad219fcfa037924160c5f5a081d6323efd179
                                                                                                                                                                                                      • Instruction ID: 2b7ff17ad2202f1f9fe327504c5853475b3dce6d8747ded7729b1895a9f27911
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a075d9a24e4318dcc0876f46c8ad219fcfa037924160c5f5a081d6323efd179
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4541D722A1C78645FB21AB29B410BB6A360FFA6744F844131DB8D57B59EF3CE1868750
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00007FF7B6F69442,?,?,?,?), ref: 00007FF7B6F4778D
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00007FF7B6F69442,?,?,?,?), ref: 00007FF7B6F477C4
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00007FF7B6F69442,?,?,?,?), ref: 00007FF7B6F4789C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\base\threading\thread.cc$StopSoon
                                                                                                                                                                                                      • API String ID: 1678258262-4240870308
                                                                                                                                                                                                      • Opcode ID: e9e5cd6e1c6a6c61bef2241ed55e66fa9040950a17f2f2620af5ea4eb0567ecc
                                                                                                                                                                                                      • Instruction ID: 2e3ea24bdda10eb0197208e78692fafdbb4cfe3df9676506a28142e1bd53792f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e9e5cd6e1c6a6c61bef2241ed55e66fa9040950a17f2f2620af5ea4eb0567ecc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37418632A09B4A85EF04AB19E840669B364EBA6BD5FD44172CB1D037B8DF3CE056C360
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 1762409328-1090674830
                                                                                                                                                                                                      • Opcode ID: 1e0c43a2c5ab6ebbf6d4a5318def075aa27435527af398274de875a2d3085821
                                                                                                                                                                                                      • Instruction ID: a27da3b875914f837dd669553d509fef34ffee99ba71d6f9be4ec0a9522d17eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e0c43a2c5ab6ebbf6d4a5318def075aa27435527af398274de875a2d3085821
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E631B832A18646D1EB24AF19E840379B361BB66B50FC45436DB5E833B5DF3CE496C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7B7042CFF
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7B7042D0F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 1646373207-1682205630
                                                                                                                                                                                                      • Opcode ID: 6148f2fd78368874610622e7da19ea785c06f2d4b795086f1e55f4094bbcfafe
                                                                                                                                                                                                      • Instruction ID: 2c8d048ec377e81fe581fa2cf8caa319828fad79b8e15ece2b51ac63ae185fb5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6148f2fd78368874610622e7da19ea785c06f2d4b795086f1e55f4094bbcfafe
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7315421B0C64A90FA25AB2DF4557B9A361AFA6784FC44432DB4D977B8DE2CE147C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesErrorFileLast
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc$: not a directory$GetFileAttributes
                                                                                                                                                                                                      • API String ID: 1799206407-1182343664
                                                                                                                                                                                                      • Opcode ID: ca03cb5c07478eb8777ee26728ecc96631de3ac4060ab86f320ad21eecf4a10d
                                                                                                                                                                                                      • Instruction ID: 65d17d1fd777c536a2a0a732c9e63fd0d497a295d1a691ecf66855d0f54d823e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca03cb5c07478eb8777ee26728ecc96631de3ac4060ab86f320ad21eecf4a10d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14216D20B0C50A40FB60BB19A8957BAD755AFA6BC4FC40076DB4D5BAEEDE1DE1078730
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                      • Opcode ID: 8ff6bfc83a365c4f062c6d84fc4fb9cb5af3adf278b8331d9c9a2b2122785620
                                                                                                                                                                                                      • Instruction ID: 98c6693b1a8af789f699b3be90740813a7fb89cc42c602f2b1096d2ffd78ed64
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ff6bfc83a365c4f062c6d84fc4fb9cb5af3adf278b8331d9c9a2b2122785620
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79F04F62B1DA0A81EA14AB28F444739E360AFAAB61FD40235CB6D851FCDF3DD1468730
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                      • Opcode ID: c22c01a1249d3c2ec0fa8f4033e8137da465bf2125250057783a341219962f5d
                                                                                                                                                                                                      • Instruction ID: a3afd0b1c2fe37e48f6382f1cf990768bf6740017b80218e0ad35eada725e6f7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c22c01a1249d3c2ec0fa8f4033e8137da465bf2125250057783a341219962f5d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF11D260A0C24681FA14B32DA551379F1A19F663A0F944736FA3D877FEDE2CA6435630
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF7B7048694
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                                                                                                                                                                      • API String ID: 1678258262-2888085009
                                                                                                                                                                                                      • Opcode ID: 1e7d60709d550ddbe59e7a17a6411d76f3700e514f644fac978eeffc9b013844
                                                                                                                                                                                                      • Instruction ID: 7d252d6bea237812a46054c257331722fd56236f568b97bff6abc5adfd0b3c2e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e7d60709d550ddbe59e7a17a6411d76f3700e514f644fac978eeffc9b013844
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EB1CE72A09B8286DA50EF19E44507AB7A4FB66BD0F844532EF5D937E8DF38E452C310
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: <
                                                                                                                                                                                                      • API String ID: 1678258262-4251816714
                                                                                                                                                                                                      • Opcode ID: 6570a92f98ce9ac1897186bab200fd82fada736f4f8319ba9bc21693c89089a4
                                                                                                                                                                                                      • Instruction ID: 8684917fb8d03cabd098251976af02326cf4d4e90191c33fbb6dd7c55a56222a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6570a92f98ce9ac1897186bab200fd82fada736f4f8319ba9bc21693c89089a4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C151D011E1854944EA16BB29A50127DE361FFA7BD5F944332DF1F265A8EF3CE0539130
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7B6F041E9
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7B6F0428F
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7B6F04303
                                                                                                                                                                                                        • Part of subcall function 00007FF7B708F6C4: AcquireSRWLockExclusive.KERNEL32(?,?,-5555555555555556,00007FF7B7082EB5,?,?,?,?,?,?,?,?,?,?,00007FF7B70F5CAB), ref: 00007FF7B708F6D4
                                                                                                                                                                                                        • Part of subcall function 00007FF7B708F6C4: ReleaseSRWLockExclusive.KERNEL32(?,?,-5555555555555556,00007FF7B7082EB5,?,?,?,?,?,?,?,?,?,?,00007FF7B70F5CAB), ref: 00007FF7B708F714
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00007FF7B6F04314
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap
                                                                                                                                                                                                      • API String ID: 1678258262-2510419621
                                                                                                                                                                                                      • Opcode ID: 3621ddc6968f642f1c04a329f873b51ce534fda06a2d9a0f4e5c1237a7f9543f
                                                                                                                                                                                                      • Instruction ID: a4711cadbfceebd6657551b46bcb8f8cd4b2d3c26f0ed6ab1aec46c59352e330
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3621ddc6968f642f1c04a329f873b51ce534fda06a2d9a0f4e5c1237a7f9543f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D51C622A1854A85EA10FB68E85027AB761BFA6794FD40231DB5D476F9DF2CE543C330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConditionSleepVariable
                                                                                                                                                                                                      • String ID: ..\..\base\synchronization\condition_variable_win.cc$ScopedBlockingCallWithBaseSyncPrimitives$TimedWait
                                                                                                                                                                                                      • API String ID: 1382704212-1641630961
                                                                                                                                                                                                      • Opcode ID: a9ddc95a65ae59d1fe53d31b0732cf05c405826b276e05d36554a1c802d729ca
                                                                                                                                                                                                      • Instruction ID: 383d095f85f7d7e86aff6d803cdfc1ee19ae42fe0abfc8010c2f4f239ac7a4d3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9ddc95a65ae59d1fe53d31b0732cf05c405826b276e05d36554a1c802d729ca
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1741E571A0C6C684EB31AB1DB4043E6A3A0FFA6794F848172DB8D467A9DF2ED1468710
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID: bitset set argument out of range$bitset test argument out of range
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\misc\paths_win.cc$GetModuleFileName
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF7B7101C66), ref: 00007FF7B7101F01
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF7B7101C66), ref: 00007FF7B7101F0E
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF7B7101C66), ref: 00007FF7B7101F23
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF7B7101F9D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID: bitset set argument out of range$bitset test argument out of range
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 4275029093-1090674830
                                                                                                                                                                                                      • Opcode ID: 36b63c9d797f3b8ad7a2ea95eaf0f403c1466ac54759943a7e17899333991692
                                                                                                                                                                                                      • Instruction ID: 3db0706cb2b07e3103533f92754f069e152b33f33b2e94e534c8b7ffc97806c8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36b63c9d797f3b8ad7a2ea95eaf0f403c1466ac54759943a7e17899333991692
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7218032A0DA0B84FA147F1DBC4427AA311AF66791FC48476CB0E423E8DF7CA486C230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,00007FF7B70F4B8E,?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B7018CB4
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B7018D29
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B7018D39
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 4275029093-1090674830
                                                                                                                                                                                                      • Opcode ID: 642f61f68722bd0c30e89482813d4007793d35e60fc2d6ecc68740a963d6a002
                                                                                                                                                                                                      • Instruction ID: bf9fa5f20a57d88281721ef3ad36605253839339aa3a683b93b702fb1c57d77a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 642f61f68722bd0c30e89482813d4007793d35e60fc2d6ecc68740a963d6a002
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93213025A0DB0A80EA157B1DB844279A311AF767A0FD44436DB0E967F8EF3CA597C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000001,00000000,?,00007FF7B6F0DBD3,?,?,?,?,?,?,?,00007FF7B6F0D919), ref: 00007FF7B6F0DA58
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000001,00000000,?,00007FF7B6F0DBD3,?,?,?,?,?,?,?,00007FF7B6F0D919), ref: 00007FF7B6F0DAC0
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF7B6F0D919), ref: 00007FF7B6F0DAD0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFileHandleModuleProcUnmapView
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 3224599007-1090674830
                                                                                                                                                                                                      • Opcode ID: e68b274b8211205939c163bb1343c4fa8e263559fec571518ff0d441d18208dd
                                                                                                                                                                                                      • Instruction ID: 2314c01b7e5cb77562d330f95e92cb97b1b960dc0808e077c5448bbc0a177d95
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e68b274b8211205939c163bb1343c4fa8e263559fec571518ff0d441d18208dd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA216821E0D60A85EB24BF6DF84537A9321AF62B85F944075DB0E563A9DF7CE486C230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TlsSetValue.KERNEL32(?,?,?,?,?,?,?,%s (errno: %d, %s),?,?,00007FF7B6F0C493), ref: 00007FF7B6F0C73E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00007FF7B6F0C671
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00007FF7B6F0C684
                                                                                                                                                                                                      • %s (errno: %d, %s), xrefs: 00007FF7B6F0C532
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                      • String ID: %s (errno: %d, %s)$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds
                                                                                                                                                                                                      • API String ID: 3702945584-519630891
                                                                                                                                                                                                      • Opcode ID: c5b69d1548aef6069de4244035cbd8ec9290d3a97a3417537ba8ce3b24fbfe8a
                                                                                                                                                                                                      • Instruction ID: c73c312aee36988969df4f9ff23aa4d94b19a04145b67fea6329049303fc885d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5b69d1548aef6069de4244035cbd8ec9290d3a97a3417537ba8ce3b24fbfe8a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D519276B0864A86EB14AF2DE8511BAB360EB96F94F844132DF1D47768DF3CE442C720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
                                                                                                                                                                                                      • API String ID: 2962429428-1704384866
                                                                                                                                                                                                      • Opcode ID: 4442e9aeca90f56db17be22465c221c237d30ba17697599f6cf7dcb82b7c3e04
                                                                                                                                                                                                      • Instruction ID: c786fd854b967fdfb7767f1b6ad93d18e03d82b3639cfa150bda4ee52d117666
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4442e9aeca90f56db17be22465c221c237d30ba17697599f6cf7dcb82b7c3e04
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9531EA61E1C60A45F620B729B41027AA350AFA67A1FC00671CB6E077EDDE2CF5468320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$Alloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3180153967-0
                                                                                                                                                                                                      • Opcode ID: b8e8cfc1eeff17cbbc441556c340d408aae3199eb22284f094d7b9334e33e6f2
                                                                                                                                                                                                      • Instruction ID: c877d4f406438004a7cbd62399686f408a1acaf6ecc868fa30735353df40b6ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8e8cfc1eeff17cbbc441556c340d408aae3199eb22284f094d7b9334e33e6f2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5311A161F0854946F614773D68143BAA2919FABBE1FC00135EF6D4B7EDCE3CA84346A0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 17069307-0
                                                                                                                                                                                                      • Opcode ID: aba7cb8fdb62a698af1450e17f9ce09fa6582ea383a63d2fa71497376c1c41c8
                                                                                                                                                                                                      • Instruction ID: 17c1af47eeb134ae7bf8030e8f2b7f17bec5f7052922c62b58a0a3053d1658af
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aba7cb8fdb62a698af1450e17f9ce09fa6582ea383a63d2fa71497376c1c41c8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18215136A08A0A94EA11AF59FD40275A760BBA67A5FC00631CF7D166F8DE3CD547C330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                      • Opcode ID: bc8cc271a81cb2d0cf723acb6e933dfc79c6dbce6dc2059291a44194ad764687
                                                                                                                                                                                                      • Instruction ID: 1db102613952678ae7844390e3c0c8fe7c2db49d008b2f4ecd982244ab6014f5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc8cc271a81cb2d0cf723acb6e933dfc79c6dbce6dc2059291a44194ad764687
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11115132B14F0589EB00DF64E8442B873A4FB69758F841D31EB6D427A8DF7CD1658360
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$CloseHandle
                                                                                                                                                                                                      • API String ID: 918212764-1830217499
                                                                                                                                                                                                      • Opcode ID: 52da9b2ca3452e2d1b4a8b8cbedd4432719bcacbc643daef8a3810ab2a93e224
                                                                                                                                                                                                      • Instruction ID: bcbfec49ce225afb44f4d4f0fde5c76725b60500f8687b201123721e15a7ffea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52da9b2ca3452e2d1b4a8b8cbedd4432719bcacbc643daef8a3810ab2a93e224
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE017921E0C55682FA50B729B8513F7E250AF66B80FC00035DB4D5A6EDDE2CD603CB70
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,00007FF7B70F866D), ref: 00007FF7B703EDAD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • SharedMemoryTracker, xrefs: 00007FF7B703EE56
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00007FF7B703EE94
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileUnmapView
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value$SharedMemoryTracker
                                                                                                                                                                                                      • API String ID: 2564024751-151285332
                                                                                                                                                                                                      • Opcode ID: bba2a0cceeba8071c75bee96669eac36fcbf3f9005b8dcc2f7628c647b6753a8
                                                                                                                                                                                                      • Instruction ID: 56908f5792d6b2b3b7b2d2d8bf86e2bd6a4c80b35b689def3e8dd1bac6ecc70c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bba2a0cceeba8071c75bee96669eac36fcbf3f9005b8dcc2f7628c647b6753a8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F751E622A1960645FA10EB29E5453B5A350EFB6B90F950632DB1D4B7B9DE3CF443C330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F5CAB), ref: 00007FF7B7082E40
                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F5CAB), ref: 00007FF7B7082E99
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00007FF7B7082DEE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: PerformanceQuery$CounterFrequency
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
                                                                                                                                                                                                      • API String ID: 774501991-1005156258
                                                                                                                                                                                                      • Opcode ID: 08a9388ed94ca9583da50b01e9a6bc7ced01b86c82134a27a0ffc20d1e760595
                                                                                                                                                                                                      • Instruction ID: 9b38be2a4342ea62181401a577a154bdbbae63c465f30f42c38134a833370dd6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08a9388ed94ca9583da50b01e9a6bc7ced01b86c82134a27a0ffc20d1e760595
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0417272A08B4685E610EB2DF544268B7A1EBAA790FD48132CB4D87378CF3CE557C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00007FF7B6F01D2F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AcquireExclusiveLock
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
                                                                                                                                                                                                      • API String ID: 4021432409-1005156258
                                                                                                                                                                                                      • Opcode ID: b70a1c15078c4b9a6e1aa535a9e41d839b39eeb5bde190e470b79632bb8abcb6
                                                                                                                                                                                                      • Instruction ID: 71b4d15fc3719bdd29a46c563bfd615f38fc3eead4ba75cb826cd804f2461763
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b70a1c15078c4b9a6e1aa535a9e41d839b39eeb5bde190e470b79632bb8abcb6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2213A12F0E15A54FA21FFAA89001BED7616F76B85F944472CF0D072A9CE3DE4538320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF7B7059990: QueryPerformanceCounter.KERNEL32 ref: 00007FF7B7059AB9
                                                                                                                                                                                                        • Part of subcall function 00007FF7B7059990: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7B7059B19
                                                                                                                                                                                                        • Part of subcall function 00007FF7B7059990: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7B7059B69
                                                                                                                                                                                                      • GetFileSizeEx.KERNEL32 ref: 00007FF7B6F134D5
                                                                                                                                                                                                        • Part of subcall function 00007FF7B70594A0: GetLastError.KERNEL32 ref: 00007FF7B70594FF
                                                                                                                                                                                                        • Part of subcall function 00007FF7B70594A0: SetLastError.KERNEL32 ref: 00007FF7B7059509
                                                                                                                                                                                                        • Part of subcall function 00007FF7B70594A0: SetLastError.KERNEL32 ref: 00007FF7B705951D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$ExclusiveLock$AcquireCounterFilePerformanceQueryReleaseSize
                                                                                                                                                                                                      • String ID: ..\..\base\files\file_win.cc$GetLength
                                                                                                                                                                                                      • API String ID: 1511923460-1822068241
                                                                                                                                                                                                      • Opcode ID: cb5656badd6f5e86b0e48b9fcb9b22d247e4a240e1e2c3346c97a39482499dd2
                                                                                                                                                                                                      • Instruction ID: b9b47353352d00ef00366f77d1b1e857004bc38d7af8d27e4e867205e5d34f32
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb5656badd6f5e86b0e48b9fcb9b22d247e4a240e1e2c3346c97a39482499dd2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F811B23171898A90FA20AB2DB8057E9A3A4BF95B88F805121DE8C47B28DE3DD1478750
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF7B6F0DA40: UnmapViewOfFile.KERNEL32(00000001,00000000,?,00007FF7B6F0DBD3,?,?,?,?,?,?,?,00007FF7B6F0D919), ref: 00007FF7B6F0DA58
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32 ref: 00007FF7B6F0D9EE
                                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 00007FF7B6F0D9FE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFileHandleModuleProcUnmapView
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 3224599007-1090674830
                                                                                                                                                                                                      • Opcode ID: 6866d3d5fe7e81261a1f6cfdc43e4e5800feedadfac4d82fc613187a419d7ab8
                                                                                                                                                                                                      • Instruction ID: 506d8cdc617b7620ac7b80db49ad464b4b3712d5e0533c51228d45599425ce68
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6866d3d5fe7e81261a1f6cfdc43e4e5800feedadfac4d82fc613187a419d7ab8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE114625A0D60E85EA147B2DA85533A92216F62B85FD04075CB0F563A9DE2CE0459230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?,?,00000000,?,00007FF7B710612A), ref: 00007FF7B6F2D3CF
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,?,00007FF7B710612A), ref: 00007FF7B6F2D3DF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 1646373207-1090674830
                                                                                                                                                                                                      • Opcode ID: 551810402e535498a66f900fe37522f5ae02aefbaf0d199ead3427da166e8136
                                                                                                                                                                                                      • Instruction ID: 384ddffa520701bc2b92af6e069f6fb963ef54384083d3357255a34f7329b84d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 551810402e535498a66f900fe37522f5ae02aefbaf0d199ead3427da166e8136
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F01A921E0D60F84EA18BB2DF8453799311BF62B82FD44475DB0E563A8DF3CA44A8730
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 1646373207-1090674830
                                                                                                                                                                                                      • Opcode ID: 41fe586f678beaff6b506200f7a0191b44754f5994edf08ef52ea32ab49aa78b
                                                                                                                                                                                                      • Instruction ID: 083a607e1cdf259a1d2b3ffd8255cab27253fdc664bd5b5fb97d8f3c53660d7b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41fe586f678beaff6b506200f7a0191b44754f5994edf08ef52ea32ab49aa78b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59011225E0E64B81FB18B76DB45467593516FA6B44FD4403ACA0E9A3BCDE6CE0479230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RemoveVectoredExceptionHandler.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B6F5F92E), ref: 00007FF7B712A4F5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000045.00000002.98326755356.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_69_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHandlerRemoveVectored
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$Free
                                                                                                                                                                                                      • API String ID: 1340492425-290371620
                                                                                                                                                                                                      • Opcode ID: a6db242594c83ea9adbf18c6f3dbf865832c8ec81b96f3b583860a30db00318e
                                                                                                                                                                                                      • Instruction ID: 1132791729db57d2f9172f97c937bcb7208c10ebe4e7db59482d6902ece21abd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6db242594c83ea9adbf18c6f3dbf865832c8ec81b96f3b583860a30db00318e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3F04F21B0C54A81FA10B729B5151BAA3659FE2BD4FC01032DB0D576A9CE6CE1478730

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:1.4%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                      Total number of Nodes:373
                                                                                                                                                                                                      Total number of Limit Nodes:31
28029 7ff7b6f0cddd 28029->28016 28032 7ff7b6f0ccee 28029->28032 28033 7ff7b6f0cc7e 28030->28033 28034 7ff7b6f0ce0d 28030->28034 28031->28017 28031->28020 28031->28032 28032->28017 28057 7ff7b6f0ce60 12 API calls 28033->28057 28063 7ff7b7107860 TryAcquireSRWLockExclusive AcquireSRWLockExclusive TryAcquireSRWLockExclusive ReleaseSRWLockExclusive 28034->28063 28037 7ff7b6f0ce15 28064 7ff7b7107810 VirtualAlloc GetLastError 28037->28064 28038 7ff7b6f0cc83 VirtualAlloc 28041 7ff7b6f0ccd2 28038->28041 28042 7ff7b6f0ccf6 GetLastError 28038->28042 28041->28017 28041->28032 28045 7ff7b6f0cdeb VirtualFree 28041->28045 28043 7ff7b6f0cd0b 28042->28043 28044 7ff7b6f0ce33 28042->28044 28058 7ff7b6f0ce60 12 API calls 28043->28058 28065 7ff7b7107860 TryAcquireSRWLockExclusive AcquireSRWLockExclusive TryAcquireSRWLockExclusive ReleaseSRWLockExclusive 28044->28065 28045->28022 28045->28043 28048 7ff7b6f0ce38 28066 7ff7b7107810 VirtualAlloc GetLastError 28048->28066 28049 7ff7b6f0cd10 28049->28034 28052 7ff7b6f0cd23 28049->28052 28052->28032 28059 7ff7b70cf760 6 API calls 28052->28059 28060 7ff7b70cf7b0 VirtualFree VirtualAlloc GetLastError 28052->28060 28055->28010 28056->28024 28057->28038 28058->28049 28059->28052 28060->28052 28061->28025 28062->28029 28063->28037 28064->28031 28065->28048 28066->28041 28120 7ff7b6f03770 14 API calls 28177 7ff7b7100bd0 69 API calls 28180 7ff7b6f0a3c0 9 API calls 28122 7ff7b6f0b8c3 78 API calls 28181 7ff7b6f09bc3 Sleep 28123 7ff7b6f552c0 94 API calls 27776 7ff7b6f0dbc5 27777 7ff7b6f0db98 27776->27777 27778 7ff7b6f0dbcb 27776->27778 27780 7ff7b7091d80 8 API calls 27777->27780 27783 7ff7b6f0da40 55 API calls 27778->27783 27781 7ff7b6f0dba5 27780->27781 27782 7ff7b6f0db96 27782->27777 27783->27782 28182 7ff7b6f11bca 75 API calls 28126 7ff7b7126ab0 126 API calls 28185 7ff7b6f0ebd0 9 API calls 28127 7ff7b6f090d2 19 API calls 27983 7ff7b70b9abc GetLastError 27984 7ff7b70b9afd FlsSetValue 27983->27984 27988 7ff7b70b9ae0 27983->27988 27985 7ff7b70b9b0f 
27984->27985 27994 7ff7b70b9aed 27984->27994 27987 7ff7b708dbf0 2 API calls 27985->27987 27986 7ff7b70b9b69 SetLastError 27989 7ff7b70b9b1e 27987->27989 27988->27984 27988->27994 27990 7ff7b70b9b3c FlsSetValue 27989->27990 27991 7ff7b70b9b2c FlsSetValue 27989->27991 27992 7ff7b70b9b5a 27990->27992 27993 7ff7b70b9b48 FlsSetValue 27990->27993 27991->27994 27996 7ff7b70b9cd8 EnterCriticalSection LeaveCriticalSection 27992->27996 27993->27994 27994->27986 27996->27994 28128 7ff7b6f09ada ReleaseSRWLockExclusive 28129 7ff7b6f01352 74 API calls 28131 7ff7b6f121c0 9 API calls 28189 7ff7b70f53f0 13 API calls 28190 7ff7b6f085e0 64 API calls 28191 7ff7b6f17be0 93 API calls 27784 7ff7b6f0d2e8 27797 7ff7b6f02e10 27784->27797 27787 7ff7b6f0d2b0 27789 7ff7b7091d80 8 API calls 27787->27789 27788 7ff7b6f0d329 27801 7ff7b7046180 27788->27801 27790 7ff7b6f0d2c1 27789->27790 27792 7ff7b6f0d3b3 27793 7ff7b6f0d70f 27792->27793 27808 7ff7b6f0dd60 27792->27808 27795 7ff7b6f0d3f3 27817 7ff7b6f0dc30 27795->27817 27798 7ff7b6f02e58 27797->27798 27799 7ff7b7091d80 8 API calls 27798->27799 27800 7ff7b6f02fee 27799->27800 27800->27787 27800->27788 27807 7ff7b70461c9 27801->27807 27803 7ff7b7046326 27804 7ff7b7091d80 8 API calls 27803->27804 27806 7ff7b704633f 27804->27806 27805 7ff7b70463ba 27805->27792 27806->27792 27807->27805 27821 7ff7b70464a0 8 API calls 27807->27821 27809 7ff7b6f0dd8a 27808->27809 27810 7ff7b7046180 8 API calls 27809->27810 27815 7ff7b6f0de53 27809->27815 27813 7ff7b6f0ddd3 27810->27813 27811 7ff7b7091d80 8 API calls 27812 7ff7b6f0df78 27811->27812 27812->27795 27814 7ff7b6f0df10 27813->27814 27813->27815 27816 7ff7b7046180 8 API calls 27813->27816 27815->27811 27815->27814 27816->27815 27818 7ff7b6f0dc4d 27817->27818 27820 7ff7b6f0dc93 27817->27820 27818->27820 27822 7ff7b708fe00 EnterCriticalSection LeaveCriticalSection 27818->27822 27820->27793 27821->27803 27822->27820 28193 7ff7b6f03440 56 API calls 27895 7ff7b701d5e0 27898 7ff7b701d620 27895->27898 27899 
7ff7b701d67d 27898->27899 27903 7ff7b701d5fb 27898->27903 27899->27903 27907 7ff7b701d6b3 27899->27907 27910 7ff7b70901cc EnterCriticalSection LeaveCriticalSection 27899->27910 27901 7ff7b701d6d9 27909 7ff7b708f6c4 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 27901->27909 27905 7ff7b701d726 27911 7ff7b708f6c4 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 27905->27911 27908 7ff7b70901cc EnterCriticalSection LeaveCriticalSection 27907->27908 27908->27901 27910->27905 28135 7ff7b6f086f0 EnterCriticalSection LeaveCriticalSection 28194 7ff7b6f137f2 63 API calls 27672 7ff7b70a3310 27673 7ff7b70a344c 27672->27673 27674 7ff7b70a3471 GetModuleHandleW 27673->27674 27675 7ff7b70a34bb 27673->27675 27674->27675 27681 7ff7b70a347e 27674->27681 27683 7ff7b70a35e0 27675->27683 27678 7ff7b70a34fe 27681->27675 27697 7ff7b70a3384 GetModuleHandleExW 27681->27697 27703 7ff7b70bade8 EnterCriticalSection 27683->27703 27685 7ff7b70a35fc 27686 7ff7b70a3514 EnterCriticalSection LeaveCriticalSection 27685->27686 27687 7ff7b70a3605 27686->27687 27688 7ff7b70bae04 LeaveCriticalSection 27687->27688 27689 7ff7b70a34f7 27688->27689 27689->27678 27690 7ff7b70a3418 27689->27690 27704 7ff7b70a33f4 27690->27704 27692 7ff7b70a3425 27693 7ff7b70a343a 27692->27693 27694 7ff7b70a3429 GetCurrentProcess TerminateProcess 27692->27694 27695 7ff7b70a3384 3 API calls 27693->27695 27694->27693 27696 7ff7b70a3441 ExitProcess 27695->27696 27698 7ff7b70a33e1 27697->27698 27699 7ff7b70a33b8 GetProcAddress 27697->27699 27700 7ff7b70a33e6 FreeLibrary 27698->27700 27701 7ff7b70a33ed 27698->27701 27702 7ff7b70a33ca 27699->27702 27700->27701 27701->27675 27702->27698 27707 7ff7b70bd490 27704->27707 27706 7ff7b70a33fd 27706->27692 27708 7ff7b70bd4a1 27707->27708 27709 7ff7b70bd4af 27708->27709 27711 7ff7b70ba8a4 27708->27711 27709->27706 27714 7ff7b70baae0 27711->27714 27715 7ff7b70ba8cc 27714->27715 27722 7ff7b70bab38 27714->27722 27715->27709 27716 7ff7b70bab6d 
LoadLibraryExW 27718 7ff7b70bac42 27716->27718 27719 7ff7b70bab92 GetLastError 27716->27719 27717 7ff7b70bac62 GetProcAddress 27717->27715 27721 7ff7b70bac73 27717->27721 27718->27717 27720 7ff7b70bac59 FreeLibrary 27718->27720 27719->27722 27720->27717 27721->27715 27722->27715 27722->27716 27722->27717 27723 7ff7b70babcc LoadLibraryExW 27722->27723 27723->27718 27723->27722 28196 7ff7b6f07430 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 28137 7ff7b6f09d00 62 API calls 28197 7ff7b6f0be00 GetLastError SetLastError 28199 7ff7b6f0d79e 92 API calls 28139 7ff7b6f0d10a 75 API calls 28200 7ff7b6f03620 9 API calls

Control-flow Graph (graph starting at 7ff7b6f0cb30; legend: Executed, Not Executed)
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Virtual$Alloc$ErrorFreeLast$ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2766871365-0
                                                                                                                                                                                                      • Opcode ID: 442683ba7d0118f1a2df787b1e5223878b02f907284672e2e0345821d0b66b36
                                                                                                                                                                                                      • Instruction ID: da250ac6d94ec7537375e141b4bc2433c302e3d07755b25c3148cecbab686343
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 442683ba7d0118f1a2df787b1e5223878b02f907284672e2e0345821d0b66b36
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C571C311B0D11F4AF928BF6AAC1573A95816FA7F85FC4847ADF0E46798ED3CE0028230

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                      • String ID: MZx$api-ms-$ext-ms-
                                                                                                                                                                                                      • API String ID: 3013587201-2431898299
                                                                                                                                                                                                      • Opcode ID: f62ba375cc99320173938f47b475f81c464cfdb0b8375877cb90dd21ed36f199
                                                                                                                                                                                                      • Instruction ID: 394e142b903e3881d7150e077183ef4189362ce8b54062553063be43f01d91c4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f62ba375cc99320173938f47b475f81c464cfdb0b8375877cb90dd21ed36f199
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23410961B1D60245EA15EB1DA800A75E391BF67B90F884536EF1D9736CDF3CE9069320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorExclusiveFileLastLock$AcquireCounterCreateMappingPerformanceQueryReleaseView
                                                                                                                                                                                                      • String ID: ..\..\base\files\memory_mapped_file_win.cc$MapImageToMemory$ScopedBlockingCall
                                                                                                                                                                                                      • API String ID: 749074358-923734411
                                                                                                                                                                                                      • Opcode ID: 3ca7be56e4b2440b0a122089fc37f29de5e601457063a0e703d7036dac9898eb
                                                                                                                                                                                                      • Instruction ID: 7282115df393348abe501253c232577005177ab87e1d9a4e14497ee4734db18e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ca7be56e4b2440b0a122089fc37f29de5e601457063a0e703d7036dac9898eb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5141796260CA8585EB20BF28E4543BAB361FFA2785F805135D74E57A69CF3DE006C760

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                      • Opcode ID: 17a589d1c1f379eacef5e6c0bd0733130ae60d0855bed1cdd581d88b0803d744
                                                                                                                                                                                                      • Instruction ID: 0fba7a652d8415b882681e84bf9eeaaf679348ac00542bf793be325274b75958
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17a589d1c1f379eacef5e6c0bd0733130ae60d0855bed1cdd581d88b0803d744
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58116220B1C24681F914B32DA555639F1619F6A7B0F804736FA3E877FEDE2CA5435230

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeVirtual$AcquireErrorExclusiveLastLock
                                                                                                                                                                                                      • String ID: bitset reset argument out of range
                                                                                                                                                                                                      • API String ID: 2644420941-1934458321
                                                                                                                                                                                                      • Opcode ID: eae76849e8b56352ce3349d71a6944e1a1a2b1c1d581672ee630990d7e54f6c2
                                                                                                                                                                                                      • Instruction ID: c73629d0e35c3df7fb98058035b6c99f6b52db2ad055e0044badd01d3fff509f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eae76849e8b56352ce3349d71a6944e1a1a2b1c1d581672ee630990d7e54f6c2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2411663B0864A46EE186B2ABD44375A251EF657E2F544234DF3E477E8DE3CD192C320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?,?,00000000,?,00007FF7B710612A), ref: 00007FF7B6F2D3CF
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,?,00007FF7B710612A), ref: 00007FF7B6F2D3DF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 1646373207-1090674830
                                                                                                                                                                                                      • Opcode ID: bcc297007104149b084b44e72736f219aa0caccca860cddd7c8f32f43ff66340
                                                                                                                                                                                                      • Instruction ID: 384ddffa520701bc2b92af6e069f6fb963ef54384083d3357255a34f7329b84d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bcc297007104149b084b44e72736f219aa0caccca860cddd7c8f32f43ff66340
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F01A921E0D60F84EA18BB2DF8453799311BF62B82FD44475DB0E563A8DF3CA44A8730

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                                                      • Opcode ID: 3ca9ba6312e453267e7cde18b8c7ebf2ac160829bbb87b78e92c9bde6d5cc7cd
                                                                                                                                                                                                      • Instruction ID: 18f728060f33c16fd4daea4e7d673091c066a74af9efbd4c69ffd8dc0e6e6374
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ca9ba6312e453267e7cde18b8c7ebf2ac160829bbb87b78e92c9bde6d5cc7cd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AD01710F0C60A42EB043B386C46038D2116FBA701FC01438DA2B463ABDE2CA40F8630

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentMemoryPrefetchProcessVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3768025762-0

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?,?,?,-555555555555558E,00007FF7B70AA415,00007FF7B7094B26), ref: 00007FF7B70A3473
                                                                                                                                                                                                        • Part of subcall function 00007FF7B70A3384: GetModuleHandleExW.KERNEL32 ref: 00007FF7B70A33A9
                                                                                                                                                                                                        • Part of subcall function 00007FF7B70A3384: GetProcAddress.KERNEL32 ref: 00007FF7B70A33BF
                                                                                                                                                                                                        • Part of subcall function 00007FF7B70A3384: FreeLibrary.KERNEL32 ref: 00007FF7B70A33E6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3947729631-0

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 250 7ff7b6f0a874-7ff7b6f0a87a VirtualAlloc 252 7ff7b6f0a86e-7ff7b6f0a873 250->252
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 253 7ff7b6f0a854-7ff7b6f0a873 VirtualAlloc
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$AddressHandleModuleProc$CreateEventUnregisterWait
                                                                                                                                                                                                      • String ID: %s (errno: %d, %s)$..\..\base\win\object_watcher.cc$..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h$E$GetHandleVerifier$PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES().")$ScopedAllowBaseSyncPrimitivesOutsideBlockingScope$StopWatching$wakeup.flow,toplevel.flow$~WaitableEvent while Signaled
                                                                                                                                                                                                      • API String ID: 4242144599-1331118484
                                                                                                                                                                                                      • Opcode ID: c772cbe954efb059944131839d17e6b69ee4fc08fa53617998e99933ef5df677
                                                                                                                                                                                                      • Instruction ID: fdf272aed749de0dda8f5d79dae3e048261a1a6c49774cc503a8551ed0d21ecb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c772cbe954efb059944131839d17e6b69ee4fc08fa53617998e99933ef5df677
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4BF14D21A0C64681FA24AB28E464379E3A0AFA6744FD44136DB4EC76B9DF3DE546C370
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireErrorLast$CounterPerformanceQueryRelease$ObjectSingleWait
                                                                                                                                                                                                      • String ID: ..\..\base\synchronization\waitable_event.cc$..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value$<$ScopedBlockingCallWithBaseSyncPrimitives$TimedWait$WaitableEvent::Wait Complete
                                                                                                                                                                                                      • API String ID: 3660234338-3677309058
                                                                                                                                                                                                      • Opcode ID: 69cc89e5e22b1b20ddfbd0be726e86108245f59104dc1d2d98dc684c38d73a8a
                                                                                                                                                                                                      • Instruction ID: a3e36316bfd03f86f6eabf6188da98077d7ae1bdb8d94fbf5b24ab1fa2d12792
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69cc89e5e22b1b20ddfbd0be726e86108245f59104dc1d2d98dc684c38d73a8a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD22D961A0C68644EA61AB2CE414379E351FFA6794FC44133EB4E57AB9EF7CE0479320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorExclusiveLastLock$AcquireAddressCounterCreateFileFreeHandleLocalModulePerformanceProcQueryRelease
                                                                                                                                                                                                      • String ID: ..\..\base\win\security_util.cc$AddACEToPath$GetHandleVerifier$ScopedBlockingCall
                                                                                                                                                                                                      • API String ID: 2791517501-314747623
                                                                                                                                                                                                      • Opcode ID: 1ce6de7ffafd167b9828ca45fb75d05b34729dadc1556e7610ae8ecd8f1e0927
                                                                                                                                                                                                      • Instruction ID: dc8d877881685ce4c5da17fa9fa658cf7f9b49b291e0e4bd11d3b763a89724a0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ce6de7ffafd167b9828ca45fb75d05b34729dadc1556e7610ae8ecd8f1e0927
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DAD19531A0C68A45EA21AB29A8047FBE361FFA6795F840171DB8D07B9DDF3DD442C720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • UUUUUUUU, xrefs: 00007FF7B701449C
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF7B7014905
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00007FF7B70148DF
                                                                                                                                                                                                      • 33333333, xrefs: 00007FF7B70144AF
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00007FF7B70148F2
                                                                                                                                                                                                      • 33333333, xrefs: 00007FF7B7014995
                                                                                                                                                                                                      • UUUUUUUU, xrefs: 00007FF7B7014982
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$33333333$33333333$UUUUUUUU$UUUUUUUU
                                                                                                                                                                                                      • API String ID: 1678258262-3195743867
                                                                                                                                                                                                      • Opcode ID: 04d17064aeeab1e6256c76f66e43b95304fd6d3c9011d4062140478771b1871b
                                                                                                                                                                                                      • Instruction ID: 907c8abaf739b27507b5e04acd7e9f7f1bb0b30782f4dea252e762a25e6367b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04d17064aeeab1e6256c76f66e43b95304fd6d3c9011d4062140478771b1871b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15E1B461B1964A41EE10EB199414278A291AF67BD0FD88133FB1D97BBDFE3CF4468321
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorExclusiveFileLastLock$AcquireAddressAttributesCounterCreateHandleModulePerformanceProcQueryRelease
                                                                                                                                                                                                      • String ID: ..\..\base\files\file_util_win.cc$GetHandleVerifier$PathHasAccess$ScopedBlockingCall
                                                                                                                                                                                                      • API String ID: 2667162048-2304908607
                                                                                                                                                                                                      • Opcode ID: d9cd1c7a7c588e87231810353091ec5c7715d25295d8e448549a5daa6d6bdbb9
                                                                                                                                                                                                      • Instruction ID: f4836d81439902c1db8b7571c7bfbb112f6a2b036db5f21b42e3ce47d8d5af61
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9cd1c7a7c588e87231810353091ec5c7715d25295d8e448549a5daa6d6bdbb9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B51A221A0C68A85FF206B2CF8547BAA361AFA6755FC40135DB5D876ACDF3CE446C360
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall$chrome.dll
                                                                                                                                                                                                      • API String ID: 1646373207-503312030
                                                                                                                                                                                                      • Opcode ID: 94fb3b505eddd3c0be3a31eb00a5a53cf9495469a36bdb9a36b989de424ce653
                                                                                                                                                                                                      • Instruction ID: 2c0168134078ff205350d0c432958c7da97ce821761c52d8fd1fe293cfb271c6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94fb3b505eddd3c0be3a31eb00a5a53cf9495469a36bdb9a36b989de424ce653
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11513635A1C64690FB24AB2DF4953B9A361AFA2B44FC44136D74E963B9DE3CE0468330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLast$CreateMappingView
                                                                                                                                                                                                      • String ID: GetHandleVerifier$ScopedBlockingCall
                                                                                                                                                                                                      • API String ID: 2231327692-2236759826
                                                                                                                                                                                                      • Opcode ID: 849f86534b8bd3118d3e33b8a2c3d4f337924ba9016d2b6cdfacc10d284dc5c9
                                                                                                                                                                                                      • Instruction ID: 675712c76c661069da2b2ee621bb50996578cede201ba1aab0b1b7de850bb6e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 849f86534b8bd3118d3e33b8a2c3d4f337924ba9016d2b6cdfacc10d284dc5c9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3251FA62B1D64A46FA24AB29E84537AE390BF66BC5FC05435CB4E527ACDF3DE4058320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                      • Opcode ID: 37a5bafb765a1a2e203d0819b5160b47ed21406f916dd45255f5d72f3ba8c791
                                                                                                                                                                                                      • Instruction ID: fc5cf871abbde31736bbe18d7a08544749ee26382ae1ed6bce8caed1cbbfc5ae
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37a5bafb765a1a2e203d0819b5160b47ed21406f916dd45255f5d72f3ba8c791
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58316232618F8186D760DF29E8402AEB3A0FB99754F940136EB9D43B69DF3CD1568B10
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B70121D4), ref: 00007FF7B7017B10
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B70121D4), ref: 00007FF7B7017BF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID: 33333333$UUUUUUUU
                                                                                                                                                                                                      • API String ID: 17069307-3483174168
                                                                                                                                                                                                      • Opcode ID: f1942bacb461b84085248a5edf8a08e3d2b848dc49700cfc04d40197d58485f9
                                                                                                                                                                                                      • Instruction ID: 51f908cd9c9b1347b8521800f2952160b610086465e58e07a7d36fb262ce5f57
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1942bacb461b84085248a5edf8a08e3d2b848dc49700cfc04d40197d58485f9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96D1C732A1C64641EB24AB1DD440779A391ABB6B94FD45032EB4D87BBCEF3CE5438721
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\assume_aligned.h:34: assertion reinterpret_cast<uintptr_t>(__ptr) % _Np == 0 failed: Alignment assumption is violated, xrefs: 00007FF7B6F2AEB6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AcquireExclusiveLock
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\assume_aligned.h:34: assertion reinterpret_cast<uintptr_t>(__ptr) % _Np == 0 failed: Alignment assumption is violated
                                                                                                                                                                                                      • API String ID: 4021432409-4093645785
                                                                                                                                                                                                      • Opcode ID: 54e8e159f6a3cff592dada9f875e7e8cb51b7f492c4fdf2420e5d51943f6cebc
                                                                                                                                                                                                      • Instruction ID: 0b4028e7566aa161fdd86b21e95a6d89a2b43131652e7e8a435ebcf7c9049ed6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54e8e159f6a3cff592dada9f875e7e8cb51b7f492c4fdf2420e5d51943f6cebc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2121862E0854A86FB15AB2DE801379A392EFA6B55FC44571DB1D473E8DE2CE483C330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F2470B
                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F24715
                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F247AD
                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F249F1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:422: assertion __n <= size() failed: remove_prefix() can't remove more than size(), xrefs: 00007FF7B6F24AAD
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range, xrefs: 00007FF7B6F24A7C
                                                                                                                                                                                                      • UNKNOWN, xrefs: 00007FF7B6F24A4C
                                                                                                                                                                                                      • :.#, xrefs: 00007FF7B6F248FB
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00007FF7B6F24AC0
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00007FF7B6F24A69
                                                                                                                                                                                                      • )] , xrefs: 00007FF7B6F2493D
                                                                                                                                                                                                      • VERBOSE, xrefs: 00007FF7B6F24B0D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$LocalTime
                                                                                                                                                                                                      • String ID: )] $..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range$..\..\third_party\libc++\src\include\string_view:422: assertion __n <= size() failed: remove_prefix() can't remove more than size()$:.#$UNKNOWN$VERBOSE
                                                                                                                                                                                                      • API String ID: 3586426482-628810564
                                                                                                                                                                                                      • Opcode ID: 64fe0f400156fd11e53de9dd0257ef4975a81fe31cbc8fab50a424d960d8261f
                                                                                                                                                                                                      • Instruction ID: 3fe4f99f50e0469ee3ab1cd6650a485e3bba849c3d46441a729126e6c90aa3a4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64fe0f400156fd11e53de9dd0257ef4975a81fe31cbc8fab50a424d960d8261f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBC1FD22B0864685DA10FB19E84027AF7A1FBA6B85FC44035EF5E477A9DF7CE541CB20
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00007FF7B7064E9B
                                                                                                                                                                                                      • <, xrefs: 00007FF7B7064E00
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireErrorLast$Release$CounterPerformanceQuery
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value$<
                                                                                                                                                                                                      • API String ID: 593636287-1283766859
                                                                                                                                                                                                      • Opcode ID: 08d47e2442754ed6fe9401e55337b6ed1ee520d5d3e3ac847ca1a73184e45fd2
                                                                                                                                                                                                      • Instruction ID: 7e1ad435189ef02c3e4d839018a938dba68285a8c89f3a3e9314fd2b4fd61ba2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08d47e2442754ed6fe9401e55337b6ed1ee520d5d3e3ac847ca1a73184e45fd2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69C10B21B0C64640EA51AF18E520379E361EFA6B94F849133EB5E972B8DF7CE143C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                      • Opcode ID: 66fbf840c08a6b387d4b454c22104f3b9e9017bf33a397f87223251485714dde
                                                                                                                                                                                                      • Instruction ID: 216058c314053ed5be16cf360cd82b9a7859bace476aa7af13f8dac488f85ea1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66fbf840c08a6b387d4b454c22104f3b9e9017bf33a397f87223251485714dde
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA418C20A1C24685FA58B33CA451279E1619FA63B0F944736FB3E867FEDD2DB5439230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • OpenProcess.KERNEL32(?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B70F4B73
                                                                                                                                                                                                        • Part of subcall function 00007FF7B7018CA0: GetLastError.KERNEL32(?,00000000,?,?,00007FF7B70F4B8E,?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B7018CB4
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B70F4B92
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B70F4BE4
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B70F4C0E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CurrentErrorLastObjectOpenSingleTerminateWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1730147810-0
                                                                                                                                                                                                      • Opcode ID: 97bedd771476fc351bd93f24a3950520c4df7e47bd57524f88939ff4c80985a5
                                                                                                                                                                                                      • Instruction ID: 279f8ebd94ef6bcc3985e659939118ec19ab973d2bfaede02a1fee3a2e08bb16
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97bedd771476fc351bd93f24a3950520c4df7e47bd57524f88939ff4c80985a5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B431A421A0C54685F7646B2EB484239E2919FEAB81FD44431DF5E8B778DE6CE4878370
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease$CounterPerformanceQuery
                                                                                                                                                                                                      • String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary$ScopedBlockingCall$enable-background-thread-pool
                                                                                                                                                                                                      • API String ID: 1190089479-2521901312
                                                                                                                                                                                                      • Opcode ID: 2eab78d5c30c78e991a03c54a860abfbd8eac4af488ec6ea063edca15e6ef923
                                                                                                                                                                                                      • Instruction ID: bff0ca351f25424825cc56a59220120f1ceec80c66a2c52fa342e1a05c71feaa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2eab78d5c30c78e991a03c54a860abfbd8eac4af488ec6ea063edca15e6ef923
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46026E21A2964685FB50EB29E484379B794EBA6754FD00232DB5E862F9DF3CE447C330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00007FF7B7045032
                                                                                                                                                                                                      • PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES()."), xrefs: 00007FF7B7045244
                                                                                                                                                                                                      • ..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h, xrefs: 00007FF7B704522F
                                                                                                                                                                                                      • GetHandleVerifier, xrefs: 00007FF7B7045174
                                                                                                                                                                                                      • wakeup.flow,toplevel.flow, xrefs: 00007FF7B7045103
                                                                                                                                                                                                      • %s (errno: %d, %s), xrefs: 00007FF7B7045250
                                                                                                                                                                                                      • ~WaitableEvent while Signaled, xrefs: 00007FF7B70451F0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: %s (errno: %d, %s)$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h$GetHandleVerifier$PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES().")$wakeup.flow,toplevel.flow$~WaitableEvent while Signaled
                                                                                                                                                                                                      • API String ID: 1646373207-3329794532
                                                                                                                                                                                                      • Opcode ID: 04c24063a361647e1660526d110b7b44d790feaf9711962100f8c1d58b663c98
                                                                                                                                                                                                      • Instruction ID: 203c444e73fb9478a727f99f2ab92867d8725ece5b9161603c70e061776d4332
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04c24063a361647e1660526d110b7b44d790feaf9711962100f8c1d58b663c98
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8DA18D21A09A4681EA10BB18E856379A3B0AF66794FD44532EB5D877F9DF3CE543C330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,00000000,?,?,00007FF7B6F6939E,?,?,?,?,?,?,00007FF7B710C978), ref: 00007FF7B6F16D51
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,00007FF7B6F6939E,?,?,?,?,?,?,00007FF7B710C978), ref: 00007FF7B6F16DB7
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000000,?,?,00007FF7B6F6939E,?,?,?,?,?,?,00007FF7B710C978), ref: 00007FF7B6F16DCC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\vector:618: assertion !empty() failed: front() called on an empty vector, xrefs: 00007FF7B6F16E3B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCounterPerformanceQueryRelease
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\vector:618: assertion !empty() failed: front() called on an empty vector
                                                                                                                                                                                                      • API String ID: 465813119-3459903379
                                                                                                                                                                                                      • Opcode ID: 3fa605a47a94c84a8d94fb88316f22e0170241ecb0c9b4ff835e624d443640c4
                                                                                                                                                                                                      • Instruction ID: 2e92309a14c4c149aad865a51014e8a1a41f95484d53bbb898c302a7537b8a8d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fa605a47a94c84a8d94fb88316f22e0170241ecb0c9b4ff835e624d443640c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1519572A0970985EA64AB59E84037AB361EBE5BD1FD40531DB5E077B8CF3CE582C360
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\client\settings.cc$..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$SetFilePointerEx$Settings magic is not $Settings version is not $sdPC$sdPC
                                                                                                                                                                                                      • API String ID: 2976181284-3837614210
                                                                                                                                                                                                      • Opcode ID: 18043df3941772c1182e7f98ecdd1d0d80da29b1e1a257d7dacc8f6d2a139457
                                                                                                                                                                                                      • Instruction ID: f5d3446e3afd077ad7af0ea5b13aa14289e8a3faaa8057c84ad1c3c84bb7da29
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18043df3941772c1182e7f98ecdd1d0d80da29b1e1a257d7dacc8f6d2a139457
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C41C631B0D54A44FA60BB19A8503BAE395EBA6BC1FC00032EB4D17AADCD2CD647C731
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A84A
                                                                                                                                                                                                      • WakeAllConditionVariable.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A85D
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A866
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A86F
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A8A3
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A902
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A91D
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,00007FF7B6F108A1,?,?,?,00007FF7B6F08477), ref: 00007FF7B702A971
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2824607059-0
                                                                                                                                                                                                      • Opcode ID: 8e77a3fe88fc331cb260b54d921ec30572af2c294b68929751547e39458cfd0d
                                                                                                                                                                                                      • Instruction ID: c8699d808db5e6e0cb41a2972dbcf7e61c76d3832dc3e4f2c213a6ca7616263d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e77a3fe88fc331cb260b54d921ec30572af2c294b68929751547e39458cfd0d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C771B363E1D54685EA55BB19A904239A310BFA6BA4FC44133DF2E427F8DF3CE447E220
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AA48
                                                                                                                                                                                                      • WakeAllConditionVariable.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AA5A
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AA63
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AA6C
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AA9A
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AAD9
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AAF3
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AB01
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AB0F
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00007FF7B6F08527), ref: 00007FF7B6F1AB93
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2824607059-0
                                                                                                                                                                                                      • Opcode ID: 3fd916b32646a6655159d8ec0190fb68d5c18b9fca521f909d91b4d9ca35b040
                                                                                                                                                                                                      • Instruction ID: d92c335dce42726a84ec844f2bc509d11483c524f8826607e269af05d9f9a0db
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fd916b32646a6655159d8ec0190fb68d5c18b9fca521f909d91b4d9ca35b040
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD51C991F1854E89E514FF19AC04576A351BFA7BE6FC80671DF2E022E8DE3CE446C220
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease$CounterPerformanceQuery
                                                                                                                                                                                                      • String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary$enable-background-thread-pool
                                                                                                                                                                                                      • API String ID: 1190089479-3676744455
                                                                                                                                                                                                      • Opcode ID: 0022d0cddc3fd784606ace0d611103d28c7e3bfe0fe50ac99376a0dafd077e5f
                                                                                                                                                                                                      • Instruction ID: e949174b2b0c32f9e67bb9ec62a1ce070b6667d873a7ca8fc45b59d0914c64c8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0022d0cddc3fd784606ace0d611103d28c7e3bfe0fe50ac99376a0dafd077e5f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA029321A0D64685E650BB29E844379A3A0AFA6754FD44132EB5D877B9EF3CF443D330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FormatMessageW.KERNEL32 ref: 00007FF7B70F8B3F
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00007FF7B70F8B49
                                                                                                                                                                                                        • Part of subcall function 00007FF7B702FBD0: GetLastError.KERNEL32 ref: 00007FF7B702FC65
                                                                                                                                                                                                        • Part of subcall function 00007FF7B702FBD0: SetLastError.KERNEL32 ref: 00007FF7B702FC6F
                                                                                                                                                                                                        • Part of subcall function 00007FF7B702FBD0: SetLastError.KERNEL32 ref: 00007FF7B702FD48
                                                                                                                                                                                                        • Part of subcall function 00007FF7B6F246E0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F2470B
                                                                                                                                                                                                        • Part of subcall function 00007FF7B6F246E0: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F24715
                                                                                                                                                                                                        • Part of subcall function 00007FF7B6F246E0: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F8DDC), ref: 00007FF7B6F247AD
                                                                                                                                                                                                      • LocalFree.KERNEL32 ref: 00007FF7B70F8BE7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Error (0x%lX) while retrieving error. (0x%lX), xrefs: 00007FF7B70F8B4F
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF7B70F8D67
                                                                                                                                                                                                      • (0x%lX), xrefs: 00007FF7B70F8BF9
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00007FF7B70F8D7A
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF7B70F8D54
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$Local$FormatFreeMessageTime
                                                                                                                                                                                                      • String ID: (0x%lX)$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Error (0x%lX) while retrieving error. (0x%lX)
                                                                                                                                                                                                      • API String ID: 2915529375-2412322823
                                                                                                                                                                                                      • Opcode ID: 56fdf0b9101afedf4212dd3408d67e17f23e4b5dba4fb42152734ae3cb495e76
                                                                                                                                                                                                      • Instruction ID: 19012a4181d86e77dcdcc4e68d7621638f25907562a1da0985713e59818fa2f9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 56fdf0b9101afedf4212dd3408d67e17f23e4b5dba4fb42152734ae3cb495e76
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F071877160DB8641EB21AF29F4503AAF760EFA6780F844132DB8D97769DF3CE1468720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00007FF7B6F9DC7C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CurrentTerminate
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                                                                                                                                                                                      • API String ID: 2429186680-4189810390
                                                                                                                                                                                                      • Opcode ID: d49e648c2aa59a3c7ee1ca133da23bed647bd29bbb3fa6fdc7d491e6e9cc9b9e
                                                                                                                                                                                                      • Instruction ID: e42ca41be078a9abc466d8d874255aee854ef89e563d51a0e2b03fe286a2fe56
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d49e648c2aa59a3c7ee1ca133da23bed647bd29bbb3fa6fdc7d491e6e9cc9b9e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C621C824F0B94E49FA5CB73D9C5423992509FB6B51FE40970C72E467E8FE6CE4468230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Thread$CurrentPerformancePriorityQuery$Counter$Frequency
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2845919953-0
                                                                                                                                                                                                      • Opcode ID: 687361f503c1ae114e700a3ce03a3c2605b7dc62ae419e28508d0a8d913b5dca
                                                                                                                                                                                                      • Instruction ID: 22b970582d010662d8196bc2a4d59213a87b1e3f1bdac52525bfc08a622dfdea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 687361f503c1ae114e700a3ce03a3c2605b7dc62ae419e28508d0a8d913b5dca
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36518321928A4689E611FB7CB845179F365BFA6790FD14232DB4E662B8DF3CA1438230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\base\task\sequence_manager\work_tracker.cc$E$ScopedAllowBaseSyncPrimitivesOutsideBlockingScope$WaitNoSyncWork
                                                                                                                                                                                                      • API String ID: 1678258262-2415033031
                                                                                                                                                                                                      • Opcode ID: ecbc3caf101d519bf43b699177eb9f170b2db5e1f08f3b958fdcf760f390c205
                                                                                                                                                                                                      • Instruction ID: 93b78b18f9ae095be5d888b3452e34a90caa16493ede2a485b98ad81b5d10594
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ecbc3caf101d519bf43b699177eb9f170b2db5e1f08f3b958fdcf760f390c205
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D418335608B4A96EA10EF19F4503BAA360FBA7799FC40135DB9D076A9CF3CE1068720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseErrorHandleLastObjectSingleThreadWait
                                                                                                                                                                                                      • String ID: ..\..\base\threading\platform_thread_win.cc$Join$ScopedBlockingCallWithBaseSyncPrimitives
                                                                                                                                                                                                      • API String ID: 813778123-1135135018
                                                                                                                                                                                                      • Opcode ID: eb86246e4975723fee8e9d084e3a55e2a64e3755e55f6d4206f25f4e8507067b
                                                                                                                                                                                                      • Instruction ID: 71ea20ca59395924030707ed9d8e84491b743cde2a48fd18818e62edd8d8f295
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb86246e4975723fee8e9d084e3a55e2a64e3755e55f6d4206f25f4e8507067b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27316521A0C6C695FA20AB29F8117F6B360BFA6754FC44131DB8D46669EE3CD14BC730
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 00007FF7B6F1FC77
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7B701BBF5), ref: 00007FF7B6F1FC8C
                                                                                                                                                                                                        • Part of subcall function 00007FF7B70CFAC0: GetCurrentThread.KERNEL32 ref: 00007FF7B70CFAC4
                                                                                                                                                                                                        • Part of subcall function 00007FF7B70CFAC0: GetThreadPriority.KERNEL32(?,?,?,?,00007FF7B6F1FC97,?,?,?,?,?,?,00007FF7B701BBF5), ref: 00007FF7B70CFACD
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7B701BBF5), ref: 00007FF7B6F1FCA3
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 00007FF7B6F1FCC2
                                                                                                                                                                                                      • SetThreadInformation.KERNEL32(?,?,?,?,?,?,00007FF7B701BBF5), ref: 00007FF7B6F1FCD9
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(?,?,?,?,?,?,00007FF7B701BBF5), ref: 00007FF7B6F1FCF9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Thread$Priority$Current$Information
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2516384554-0
                                                                                                                                                                                                      • Opcode ID: 6bdc59d89a542c32d062b3dae71ecf26e0eee7d99e6bf4bacf29e6109943e5dd
                                                                                                                                                                                                      • Instruction ID: f08088f1d1235a2e3548dfd714ec5676eef77de58d3854ef25b36ac9c93d5753
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6bdc59d89a542c32d062b3dae71ecf26e0eee7d99e6bf4bacf29e6109943e5dd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7311C831E0955586E610BB29F84426AE2909FEABD1F914131DF5E43778DE3CE9478720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,bad_variant_access.cc,00000000,?,?,00000000,00000000,?,00007FF7B70AE203,?), ref: 00007FF7B70ADF0C
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,bad_variant_access.cc,00000000,?,?,00000000,00000000,?,00007FF7B70AE203,?), ref: 00007FF7B70ADF97
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                      • String ID: bad_variant_access.cc
                                                                                                                                                                                                      • API String ID: 953036326-947800613
                                                                                                                                                                                                      • Opcode ID: a0eca0dc2137039ae39842a223ce3aa9d899d075495d3ee5b76aee35948632fa
                                                                                                                                                                                                      • Instruction ID: d4f8478265fed1d7f58197e63571b916a15bd447e913168cb0784d8b764c3033
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0eca0dc2137039ae39842a223ce3aa9d899d075495d3ee5b76aee35948632fa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A91B722E1865289F750AF6D94406BDBBA0AB76788F944136DF0DD76ACDE38D483D330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF7B701ED15
                                                                                                                                                                                                      • bcryptprimitives.dll, xrefs: 00007FF7B701EC21
                                                                                                                                                                                                      • ProcessPrng, xrefs: 00007FF7B701EC33
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$ProcessPrng$bcryptprimitives.dll
                                                                                                                                                                                                      • API String ID: 2574300362-4294766899
                                                                                                                                                                                                      • Opcode ID: 11607e7f7bf0c14bdb917be01803f64bf290adfb7c1416aa0085c47a87bcbf52
                                                                                                                                                                                                      • Instruction ID: 8eb38f143e067c52f7c822e605273d815cfc3d85837a50ec5e4a24844bb256ea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 11607e7f7bf0c14bdb917be01803f64bf290adfb7c1416aa0085c47a87bcbf52
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7651E831F0560645EA14AB2EF940168A390AF76B91F945532DF1D47BB9EF3CE493C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00007FF7B701860B
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00007FF7B70185F8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr
                                                                                                                                                                                                      • API String ID: 1678258262-1580066018
                                                                                                                                                                                                      • Opcode ID: 522df3e498d80f9b59921111139dc514f4136811e2f0fc493b925ab1cbe117cc
                                                                                                                                                                                                      • Instruction ID: 2427abb41cbdf5f4c8f1ef6d0b553f3aa213c0845ebb60ffed56907d65a63a3e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 522df3e498d80f9b59921111139dc514f4136811e2f0fc493b925ab1cbe117cc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD71A361B0D60681EA10AB19E450279A761EFA6B94FD44432EF0E977B9EF3CE543C360
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00007FF7B6F0123D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
                                                                                                                                                                                                      • API String ID: 1678258262-1005156258
                                                                                                                                                                                                      • Opcode ID: a801918aa0b8ec2b4fe036ae8cc5ea4810c4e43dfde322411b842882a506a836
                                                                                                                                                                                                      • Instruction ID: ce0f56542f8a9920a6cd3fe5a553545276f62d3a4f097283e8ccf589b5491fff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a801918aa0b8ec2b4fe036ae8cc5ea4810c4e43dfde322411b842882a506a836
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB411912B0968955FA19FF59AD042BAA764BBB7B81FC84571DF0D07359CF3CA492C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLockLongNamePath$AcquireCounterPerformanceQueryRelease
                                                                                                                                                                                                      • String ID: ..\..\base\files\file_util_win.cc$MakeLongFilePath$ScopedBlockingCall
                                                                                                                                                                                                      • API String ID: 839722070-2989128051
                                                                                                                                                                                                      • Opcode ID: 0b06af1a0c76f303d327c2f2a3664ecf92a38e0d18883a0fda9916551f1e4ed9
                                                                                                                                                                                                      • Instruction ID: 2b7ff17ad2202f1f9fe327504c5853475b3dce6d8747ded7729b1895a9f27911
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b06af1a0c76f303d327c2f2a3664ecf92a38e0d18883a0fda9916551f1e4ed9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4541D722A1C78645FB21AB29B410BB6A360FFA6744F844131DB8D57B59EF3CE1868750
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00007FF7B6F69442,?,?,?,?), ref: 00007FF7B6F4778D
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00007FF7B6F69442,?,?,?,?), ref: 00007FF7B6F477C4
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00007FF7B6F69442,?,?,?,?), ref: 00007FF7B6F4789C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\base\threading\thread.cc$StopSoon
                                                                                                                                                                                                      • API String ID: 1678258262-4240870308
                                                                                                                                                                                                      • Opcode ID: e9e5cd6e1c6a6c61bef2241ed55e66fa9040950a17f2f2620af5ea4eb0567ecc
                                                                                                                                                                                                      • Instruction ID: 2e3ea24bdda10eb0197208e78692fafdbb4cfe3df9676506a28142e1bd53792f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e9e5cd6e1c6a6c61bef2241ed55e66fa9040950a17f2f2620af5ea4eb0567ecc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37418632A09B4A85EF04AB19E840669B364EBA6BD5FD44172CB1D037B8DF3CE056C360
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 1762409328-1090674830
                                                                                                                                                                                                      • Opcode ID: d338487f7ab72956d532f8eee399af51dd5c14fa1d0f12a398ad27be2be2fc69
                                                                                                                                                                                                      • Instruction ID: a27da3b875914f837dd669553d509fef34ffee99ba71d6f9be4ec0a9522d17eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d338487f7ab72956d532f8eee399af51dd5c14fa1d0f12a398ad27be2be2fc69
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E631B832A18646D1EB24AF19E840379B361BB66B50FC45436DB5E833B5DF3CE496C320
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                      • String ID: %08x-%04x-%04x-%04x-%012llx$ProcessPrng$bcryptprimitives.dll
                                                                                                                                                                                                      • API String ID: 2574300362-4101328353
                                                                                                                                                                                                      • Opcode ID: 32af3ca6c833297801bc6566e017e480d209fba70c792abd4d7d0a90c2f0aa34
                                                                                                                                                                                                      • Instruction ID: dbaee7dda4e00dc0e712c696e51956318c1bfa42bacef106dac6bdfa0b831a9f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32af3ca6c833297801bc6566e017e480d209fba70c792abd4d7d0a90c2f0aa34
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6318021A18A4A85FB10AB6DF480275A760EFE6B50FD41136DB5D467B8DF3CE5438730
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 1646373207-1682205630
                                                                                                                                                                                                      • Opcode ID: 0920fe0c261ca300005ade9e972ec69531526ee3a9baae044b304e8945193147
                                                                                                                                                                                                      • Instruction ID: 2c8d048ec377e81fe581fa2cf8caa319828fad79b8e15ece2b51ac63ae185fb5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0920fe0c261ca300005ade9e972ec69531526ee3a9baae044b304e8945193147
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7315421B0C64A90FA25AB2DF4557B9A361AFA6784FC44432DB4D977B8DE2CE147C320
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                      • Opcode ID: 8ff6bfc83a365c4f062c6d84fc4fb9cb5af3adf278b8331d9c9a2b2122785620
                                                                                                                                                                                                      • Instruction ID: 98c6693b1a8af789f699b3be90740813a7fb89cc42c602f2b1096d2ffd78ed64
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ff6bfc83a365c4f062c6d84fc4fb9cb5af3adf278b8331d9c9a2b2122785620
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79F04F62B1DA0A81EA14AB28F444739E360AFAAB61FD40235CB6D851FCDF3DD1468730
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$CloseHandle$Free
                                                                                                                                                                                                      • API String ID: 2962429428-2608852109
                                                                                                                                                                                                      • Opcode ID: f777e55082541f7d841a99d19284c135d979be36b8b4c978e02bfd554e5afc64
                                                                                                                                                                                                      • Instruction ID: 29822ac359bd855799664436728863cba4f8ef8b1bcfc69dc588ed65b73784cd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f777e55082541f7d841a99d19284c135d979be36b8b4c978e02bfd554e5afc64
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9191D932A09B4985E710DF19E844179B3A4FBA9B94F954231DF9D077A9EF3CE582C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                      • Opcode ID: 3540d50939aca785946156d80034c20debf3dcedab6285acc988ff5d361cbfa7
                                                                                                                                                                                                      • Instruction ID: a3afd0b1c2fe37e48f6382f1cf990768bf6740017b80218e0ad35eada725e6f7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3540d50939aca785946156d80034c20debf3dcedab6285acc988ff5d361cbfa7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF11D260A0C24681FA14B32DA551379F1A19F663A0F944736FA3D877FEDE2CA6435630
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF7B7048694
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                                                                                                                                                                      • API String ID: 1678258262-2888085009
                                                                                                                                                                                                      • Opcode ID: dcb38710e32885446009c816fa8c9d9e79a0880adafd55b707c4b9dd989b2928
                                                                                                                                                                                                      • Instruction ID: 7d252d6bea237812a46054c257331722fd56236f568b97bff6abc5adfd0b3c2e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dcb38710e32885446009c816fa8c9d9e79a0880adafd55b707c4b9dd989b2928
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EB1CE72A09B8286DA50EF19E44507AB7A4FB66BD0F844532EF5D937E8DF38E452C310
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLockRelease
                                                                                                                                                                                                      • String ID: ..\..\base\task\thread_pool\delayed_task_manager.cc$AddDelayedTask
                                                                                                                                                                                                      • API String ID: 1766480654-3015968692
                                                                                                                                                                                                      • Opcode ID: e19346bee9da2f27579a8098c5ae46c9bab6e9c447f029f5f1ebf655e0f68295
                                                                                                                                                                                                      • Instruction ID: 7e92e882ccd40d571987dc6e09e3d2a9471818f72a367934e3a715cb6ede5b2e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e19346bee9da2f27579a8098c5ae46c9bab6e9c447f029f5f1ebf655e0f68295
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5771C6A1A0D54A89FA25AB1D981127EE360EF72BD5FC44072DB1E57BD8DE2CE4039360
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: <
                                                                                                                                                                                                      • API String ID: 1678258262-4251816714
                                                                                                                                                                                                      • Opcode ID: 0f32cea9ada06668551c909f0f457f364700f926befbf86ef1ae9042881f1e4d
                                                                                                                                                                                                      • Instruction ID: 8684917fb8d03cabd098251976af02326cf4d4e90191c33fbb6dd7c55a56222a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f32cea9ada06668551c909f0f457f364700f926befbf86ef1ae9042881f1e4d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C151D011E1854944EA16BB29A50127DE361FFA7BD5F944332DF1F265A8EF3CE0539130
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID: first$second
                                                                                                                                                                                                      • API String ID: 17069307-3095674784
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00007FF7B6F17243
                                                                                                                                                                                                      • GetHandleVerifier, xrefs: 00007FF7B6F17319
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 1646373207-1987532414
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7B6F041E9
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7B6F0428F
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7B6F04303
                                                                                                                                                                                                        • Part of subcall function 00007FF7B708F6C4: AcquireSRWLockExclusive.KERNEL32(?,?,-5555555555555556,00007FF7B7082EB5,?,?,?,?,?,?,?,?,?,?,00007FF7B70F5CAB), ref: 00007FF7B708F6D4
                                                                                                                                                                                                        • Part of subcall function 00007FF7B708F6C4: ReleaseSRWLockExclusive.KERNEL32(?,?,-5555555555555556,00007FF7B7082EB5,?,?,?,?,?,?,?,?,?,?,00007FF7B70F5CAB), ref: 00007FF7B708F714
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00007FF7B6F04314
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap
                                                                                                                                                                                                      • API String ID: 1678258262-2510419621
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConditionSleepVariable
                                                                                                                                                                                                      • String ID: ..\..\base\synchronization\condition_variable_win.cc$ScopedBlockingCallWithBaseSyncPrimitives$TimedWait
                                                                                                                                                                                                      • API String ID: 1382704212-1641630961
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID: bitset set argument out of range$bitset test argument out of range
                                                                                                                                                                                                      • API String ID: 17069307-1976194836
                                                                                                                                                                                                      • Opcode ID: 90a3b79d29ffd385945269f68c2dc47765d9d3540188d547925229036464a5c3
                                                                                                                                                                                                      • Instruction ID: ede085b71fb92875a181c0074f4322c398015bae4035254935b62baaa3e24290
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90a3b79d29ffd385945269f68c2dc47765d9d3540188d547925229036464a5c3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7721D391B0A50E46FE54B61ABD6437AD2225FA2BE1FD05070CF0E0779DDD2CE4838320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\misc\paths_win.cc$GetModuleFileName
                                                                                                                                                                                                      • API String ID: 2776309574-708485756
                                                                                                                                                                                                      • Opcode ID: 04feba8d559a4fa0ec3d0043531a366d760090befb65905bba8a4a7217f60817
                                                                                                                                                                                                      • Instruction ID: beae361b73f6ebecf606adcee31b474350404a1873e9fe8a1bac6457b780029f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04feba8d559a4fa0ec3d0043531a366d760090befb65905bba8a4a7217f60817
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C315E20B1C61640FA60BB1AA5553FAD3159FA6BC0F800136EB4E5BBEEDE1DE1078771
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF7B7101C66), ref: 00007FF7B7101F01
                                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF7B7101C66), ref: 00007FF7B7101F0E
                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF7B7101C66), ref: 00007FF7B7101F23
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF7B7101F9D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$Acquire$Release
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                                                                                                                                                                      • API String ID: 1678258262-2888085009
                                                                                                                                                                                                      • Opcode ID: ff639d82b42884b19eb44c11a7e05e95ebc4e9be1ddfdb1243873fce1e19f20f
                                                                                                                                                                                                      • Instruction ID: ab84a79e0460a154500f9a597ebabe02fb947b2a29a3bff67a401c0b30b48efb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff639d82b42884b19eb44c11a7e05e95ebc4e9be1ddfdb1243873fce1e19f20f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C314D21A1864A81EA11BB6AB84427DA351AFE6B81FE44431DF1D1B6BDDF3CE4479330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID: bitset set argument out of range$bitset test argument out of range
                                                                                                                                                                                                      • API String ID: 17069307-1976194836
                                                                                                                                                                                                      • Opcode ID: 278b70385d345bc30fe89d3efa334e4d312b4e9072528492639466f27062f46c
                                                                                                                                                                                                      • Instruction ID: d7217120a76c534ab305b11937f3f42d7f803328a49a979044d96dc3a93da54d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 278b70385d345bc30fe89d3efa334e4d312b4e9072528492639466f27062f46c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F21E9A1B0968A45ED64BE59FA103FAA2119B617C1ED044B1CF4E0369DDE6CF586C334
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 4275029093-1090674830
                                                                                                                                                                                                      • Opcode ID: 1652b93301863b7d567a5ab0b7a779d9c26f50f9dda8634fa0c0638b1c6ef437
                                                                                                                                                                                                      • Instruction ID: 3db0706cb2b07e3103533f92754f069e152b33f33b2e94e534c8b7ffc97806c8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1652b93301863b7d567a5ab0b7a779d9c26f50f9dda8634fa0c0638b1c6ef437
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7218032A0DA0B84FA147F1DBC4427AA311AF66791FC48476CB0E423E8DF7CA486C230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,00007FF7B70F4B8E,?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B7018CB4
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B7018D29
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,?,00007FF7B7106012), ref: 00007FF7B7018D39
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 4275029093-1090674830
                                                                                                                                                                                                      • Opcode ID: 6805fcfcfcc9f8a08d7a0691e2247ad47fe02d3f85f2041f5a296a076c73fc6b
                                                                                                                                                                                                      • Instruction ID: bf9fa5f20a57d88281721ef3ad36605253839339aa3a683b93b702fb1c57d77a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6805fcfcfcc9f8a08d7a0691e2247ad47fe02d3f85f2041f5a296a076c73fc6b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93213025A0DB0A80EA157B1DB844279A311AF767A0FD44436DB0E967F8EF3CA597C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B6F0D929), ref: 00007FF7B6F0DA58
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B6F0D929), ref: 00007FF7B6F0DAC0
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7B6F0D929), ref: 00007FF7B6F0DAD0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFileHandleModuleProcUnmapView
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 3224599007-1090674830
                                                                                                                                                                                                      • Opcode ID: 35ca4e678259978e73e9fb240ceb43afa8f850943639962db1164f246ac1e09b
                                                                                                                                                                                                      • Instruction ID: 2314c01b7e5cb77562d330f95e92cb97b1b960dc0808e077c5448bbc0a177d95
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 35ca4e678259978e73e9fb240ceb43afa8f850943639962db1164f246ac1e09b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA216821E0D60A85EB24BF6DF84537A9321AF62B85F944075DB0E563A9DF7CE486C230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BuildEntriesErrorFreeLastLocalTrusteeWith
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2527364759-0
                                                                                                                                                                                                      • Opcode ID: a38169f7e613ce42d491a22b2511fe367fc394847f7adc686acf3b8c3679a1b0
                                                                                                                                                                                                      • Instruction ID: b2bd58b7ffe0f96bf3cf436a328d06818ec7b8eb72ec00985951fae774c33701
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a38169f7e613ce42d491a22b2511fe367fc394847f7adc686acf3b8c3679a1b0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66412C22F086494AFA20BF2E980477AA790FFAAB95F851131EF4D47758DE3CE142C310
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$Alloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3180153967-0
                                                                                                                                                                                                      • Opcode ID: b8e8cfc1eeff17cbbc441556c340d408aae3199eb22284f094d7b9334e33e6f2
                                                                                                                                                                                                      • Instruction ID: c877d4f406438004a7cbd62399686f408a1acaf6ecc868fa30735353df40b6ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8e8cfc1eeff17cbbc441556c340d408aae3199eb22284f094d7b9334e33e6f2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5311A161F0854946F614773D68143BAA2919FABBE1FC00135EF6D4B7EDCE3CA84346A0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 17069307-0
                                                                                                                                                                                                      • Opcode ID: aba7cb8fdb62a698af1450e17f9ce09fa6582ea383a63d2fa71497376c1c41c8
                                                                                                                                                                                                      • Instruction ID: 17c1af47eeb134ae7bf8030e8f2b7f17bec5f7052922c62b58a0a3053d1658af
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aba7cb8fdb62a698af1450e17f9ce09fa6582ea383a63d2fa71497376c1c41c8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18215136A08A0A94EA11AF59FD40275A760BBA67A5FC00631CF7D166F8DE3CD547C330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                      • Opcode ID: bc8cc271a81cb2d0cf723acb6e933dfc79c6dbce6dc2059291a44194ad764687
                                                                                                                                                                                                      • Instruction ID: 1db102613952678ae7844390e3c0c8fe7c2db49d008b2f4ecd982244ab6014f5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc8cc271a81cb2d0cf723acb6e933dfc79c6dbce6dc2059291a44194ad764687
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11115132B14F0589EB00DF64E8442B873A4FB69758F841D31EB6D427A8DF7CD1658360
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$CloseHandle
                                                                                                                                                                                                      • API String ID: 918212764-1830217499
                                                                                                                                                                                                      • Opcode ID: 52da9b2ca3452e2d1b4a8b8cbedd4432719bcacbc643daef8a3810ab2a93e224
                                                                                                                                                                                                      • Instruction ID: bcbfec49ce225afb44f4d4f0fde5c76725b60500f8687b201123721e15a7ffea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52da9b2ca3452e2d1b4a8b8cbedd4432719bcacbc643daef8a3810ab2a93e224
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE017921E0C55682FA50B729B8513F7E250AF66B80FC00035DB4D5A6EDDE2CD603CB70
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00007FF7B6F2A57F
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00007FF7B6F2A5C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CounterPerformanceQuery
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value
                                                                                                                                                                                                      • API String ID: 2783962273-3013800257
                                                                                                                                                                                                      • Opcode ID: a9ca3b8373969a9e7be85f137d4bcb3748871fa5efe96675d2eca9edf2692a05
                                                                                                                                                                                                      • Instruction ID: 547753a5eb9943e951df0cc8fda07665f9a38431ebf9253b7f484c24d15d12e8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9ca3b8373969a9e7be85f137d4bcb3748871fa5efe96675d2eca9edf2692a05
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFA1F762A0974985EA50AB2DF84137BE3A1EB66794F944172EF5D077A8DF3CE042C720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F5CAB), ref: 00007FF7B7082E40
                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7B70F5CAB), ref: 00007FF7B7082E99
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00007FF7B7082DEE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: PerformanceQuery$CounterFrequency
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
                                                                                                                                                                                                      • API String ID: 774501991-1005156258
                                                                                                                                                                                                      • Opcode ID: 08a9388ed94ca9583da50b01e9a6bc7ced01b86c82134a27a0ffc20d1e760595
                                                                                                                                                                                                      • Instruction ID: 9b38be2a4342ea62181401a577a154bdbbae63c465f30f42c38134a833370dd6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08a9388ed94ca9583da50b01e9a6bc7ced01b86c82134a27a0ffc20d1e760595
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0417272A08B4685E610EB2DF544268B7A1EBAA790FD48132CB4D87378CF3CE557C320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00007FF7B6F01D2F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AcquireExclusiveLock
                                                                                                                                                                                                      • String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
                                                                                                                                                                                                      • API String ID: 4021432409-1005156258
                                                                                                                                                                                                      • Opcode ID: b70a1c15078c4b9a6e1aa535a9e41d839b39eeb5bde190e470b79632bb8abcb6
                                                                                                                                                                                                      • Instruction ID: 71b4d15fc3719bdd29a46c563bfd615f38fc3eead4ba75cb826cd804f2461763
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b70a1c15078c4b9a6e1aa535a9e41d839b39eeb5bde190e470b79632bb8abcb6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2213A12F0E15A54FA21FFAA89001BED7616F76B85F944472CF0D072A9CE3DE4538320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF7B7059990: QueryPerformanceCounter.KERNEL32 ref: 00007FF7B7059AB9
                                                                                                                                                                                                        • Part of subcall function 00007FF7B7059990: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7B7059B19
                                                                                                                                                                                                        • Part of subcall function 00007FF7B7059990: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7B7059B69
                                                                                                                                                                                                      • GetFileSizeEx.KERNEL32 ref: 00007FF7B6F134D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCounterFilePerformanceQueryReleaseSize
                                                                                                                                                                                                      • String ID: ..\..\base\files\file_win.cc$GetLength
                                                                                                                                                                                                      • API String ID: 870130176-1822068241
                                                                                                                                                                                                      • Opcode ID: 8868b513e511e7665f3b7d38f6998f31832f055bfa1b53287e8fe2439fca656b
                                                                                                                                                                                                      • Instruction ID: b9b47353352d00ef00366f77d1b1e857004bc38d7af8d27e4e867205e5d34f32
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8868b513e511e7665f3b7d38f6998f31832f055bfa1b53287e8fe2439fca656b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F811B23171898A90FA20AB2DB8057E9A3A4BF95B88F805121DE8C47B28DE3DD1478750
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFileHandleModuleProcUnmapView
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 3224599007-1090674830
                                                                                                                                                                                                      • Opcode ID: cc10de42bd9ac998e577b9c21ddcf2fc65384271ad1e5a03b95c45ecc4fd3f9b
                                                                                                                                                                                                      • Instruction ID: 506d8cdc617b7620ac7b80db49ad464b4b3712d5e0533c51228d45599425ce68
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc10de42bd9ac998e577b9c21ddcf2fc65384271ad1e5a03b95c45ecc4fd3f9b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE114625A0D60E85EA147B2DA85533A92216F62B85FD04075CB0F563A9DE2CE0459230
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000004C.00000002.98341504396.00007FF7B6F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7B6F00000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_76_2_7ff7b6f00000_onestart.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                      • API String ID: 1646373207-1090674830
                                                                                                                                                                                                      • Opcode ID: 08e448348804fad6c19bfbde1b9f8d61d4912c58f0b4a0a57a60285370737f06
                                                                                                                                                                                                      • Instruction ID: 083a607e1cdf259a1d2b3ffd8255cab27253fdc664bd5b5fb97d8f3c53660d7b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08e448348804fad6c19bfbde1b9f8d61d4912c58f0b4a0a57a60285370737f06
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59011225E0E64B81FB18B76DB45467593516FA6B44FD4403ACA0E9A3BCDE6CE0479230